Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jakartaee-platform-dev] Moving MicroProfile JWT to Jakarta Security?

Start with the Jakarta Security requirements around JWT and have those demonstrate why or why can't the MP JWT spec be used as a transitive dependency. If everything in an implementation is CDI based, there is no reason why alternatives cannot be configured to adapt to the runtime. 

On Nov 11, 2022 at 12:31:48 PM, arjan tijms <arjan.tijms@xxxxxxxxx> wrote:

On Fri, Nov 11, 2022 at 6:15 PM Scott Stark <starksm64@xxxxxxxxx> wrote:
For specification projects in a related space, the existence of more than one needs to be justified. There is a reason everyone involved in specification/standards work raises this well trodden satire out at some point:

So what do you propose instead then? Having a Jakarta Full-profile or so that includes both EE and MP?

As a Jakarta EE user, we can now freely use Form, Basic, Open ID Connect, but not JWT. Even when a MP profile JWT implementation is added, it's not necessarily based on Jakarta Security. Even in a Jakarta EE server that already includes MP components, its JWT implementation does not necessarily have to be Jakarta Security based. Meaning, things like additional identity stores, interceptors, etc are not being picked up for JWT or may even clash.

Kind regards,
Arjan Tijms

jakartaee-platform-dev mailing list
To unsubscribe from this list, visit

Back to the top