Need the outstanding microprofile-jwt-auth PR merged

[sst...@redhat.com]

We need the following outstanding microprofile-jwt-auth pull request merged:

https://github.com/eclipse/microprofile-jwt-auth/pull/4

This PR has been updated to reflect that agreement reached for the 1.0 specification and API as discussed on today's MP-JWT call.

[John D. Ament]

Hi Scott,

I just started looking at the PR again.  it looks cleaner, but there's still a few issues we need to work out.

1. Do we really need a fully running container to test the spec? Can't we test it at a lower level?

2. This is still bringing in a lot of dependencies.  I wouldn't want the impls tied to this TCK, e.g. I would expect a wildfly-swarm profile as well as a hammock profile, websphere profile etc.

I'm OK with merging it, if the issues are resolved soon after, there's a few more comments in the PR.

I'm not sure who's been attending the JWT calls, but I'll plan to start attending this week.

John

[sst...@redhat.com]

There is a simplified weld-se profile that has a TCK harness class that has to be configured to test a vendor's basic parsing and implementation of the JWTPrincipal, but in general, yes, a full container is required because there are requirements for exposing the JWTPrincipal via the various container security identity APIs as well as the RBAC related APIs.

On this past call we discussed modeling the TCK after what the javaee-samples project does, so yes, there will be vendor profiles for any container that someone wants to submit one for.