Or Spring Security ;-)
Using MP JWP in an implementing project (or even Soteria) comes with the risk of version conflicts (aka „Dependency Hell“) because currently it’s based on
<version.jakarta.authorization-api>2.0.0</version.jakarta.authorization-api>
<version.jakarta.ejb.api>4.0.0</version.jakarta.ejb.api>
And an equally old Jakarta JSON dependency.
If MP JWT even managed to upgrade Jakarta Authorization to 2.1 a Jakarta Security or Soteria version is likely to be ahead again, posing the risk of clashes or having to play with excludes in Maven or Gradle or another dependency Management systems to get rid of the unwanted dependencies.
Kind Regards,
Werner
It is an externally developed specification that describes a simple API for JWTs and integrations with CDI, not an implementation project.
List your reasons why it cannot be consumed as such and extended in Java Security.
I'm not sure I follow. It's either in the Jakarta Security (not Java Security) spec or it's not. If it's not, users would have to add some implementation of MP JWT to their .war files. At that point it's not much different from adding say DeltaSpike, PrimeFaces, etc to a .war.
But maybe you meant something else there?