Part of MP 7.0 tasks

[Emily-Jiang]

In response to the work of MP JWT bridge, some optional parts has been moved to MP JWT Bridge. It will be great if the next release of this spec completes the following tasks to be part of MP 7.0:

• These optional parts need to be removed from this spec.
• Re-basing this spec on Jakarta EE 10 Core Profile specifications to allow more runtimes to adopt this specification.

[Emily-Jiang]

@sberyozkin fyi

[sberyozkin]

@Emily-Jiang What is implied by re-basing ? Can you please clarify what has been done in this regard for example in MP Config ?

[Emily-Jiang]

I meant to use the mp parent pom version 3.x

[Emily-Jiang]

@sberyozkin can you confirm whether MP JWT Auth will have a release to be included in MP 7.0?

[sberyozkin]

@Emily-Jiang Sorry, missed it, what is the deadline for doing this release ?

[Emily-Jiang]

@Emily-Jiang Sorry, missed it, what is the deadline for doing this release ?

@sberyozkin you need to do the release by May 3rd. Details are here.

[sberyozkin]

Thanks @Emily-Jiang Let me check how updating the pom with the new parent goes, I think we should be able to get some clean up and release it by May 3rd

[Emily-Jiang]

Thanks @Emily-Jiang Let me check how updating the pom with the new parent goes, I think we should be able to get some clean up and release it by May 3rd

@sberyozkin thanks

[sberyozkin]

@Emily-Jiang I see MP Config still using the 2.x parent, https://github.com/eclipse/microprofile-config/blob/main/pom.xml.

Can you clarify please why the MP Config main still on the 2.x parent ?

[sberyozkin]

All candidates for 3.0:

#323 Remove optional spec texts and TCK tests
#319 (Make it clear the preferred_user_name is not unique)
#314 TCK test for the clock skew property
#288 Now is the good time to make RSA-OAEP-256 a default decryption algorithm
#142 RSA key sizes now must be expected to be at least 2048, 1024 is in old past. Perhaps a property can be added to support them if really needed
#327 Allow to retrieve token headers

And consider aligning how the default signature algorithm is supported with the way it was done for the decryption, i.e, if no value is set - both RS256 and ES256 can be accepted

[Emily-Jiang]

@Emily-Jiang I see MP Config still using the 2.x parent, https://github.com/eclipse/microprofile-config/blob/main/pom.xml.

Can you clarify please why the MP Config main still on the 2.x parent ?

Moving up to 3.x requires a major release and also there is a plan to make more update on Jakarta Config. At the moment, the Config team did not invest much on MP Config.

[sberyozkin]

Thanks @Emily-Jiang I'm just not sure that MP JWT should do it without its key dependency, MP Config, not doing it, seems like there should be an alignment across the board

[Emily-Jiang]

Thanks @Emily-Jiang I'm just not sure that MP JWT should do it without its key dependency, MP Config, not doing it, seems like there should be an alignment across the board

You should do it. MP Config is in a unique situation.

[sberyozkin]

@Emily-Jiang Can you explain what exactly will updating MP JWT 3.0 to the MP parent 3.x will give its users ? What other indirect requirements will be implied for MP JWT 3.0, and for the runtimes which will have to run MP JWT 3.0 implementations ?
It is a little bit abstract at the moment.

Thanks

[Emily-Jiang]

Based on the recent conversation here, there is no need to rebase on Jakarta EE 10 Core Profile if you don't need to use any Jakarta EE core profile features. I'm closing this issue.