[keycloak-dev] [keycloak-gatekeeper][KEYCLOAK-7175] upgrade from coreos/go-oidc.v1
BIDON Frederic
fredbi at yahoo.com
Tue Jan 8 09:14:49 EST 2019
Relying on a stale package such as `github.com/coreos/go-oidc.v1` is really annoying for a security product.
Moreover, this library has no support for tokens with an EC signature.
I've tried a bit to remove this but I felt like the choice of a proper library should be discussed.
Here are my two cents:
- coreos/go-oidc.v2 does not add much compared to stdlib `x/oauth2`: there is a remote JWKS fetcher which might be useful, although it is in fact `square/go-jose` that does the heavy lifting here
- I found `square/go-jose` good enough for JWK and JWKS, but rather impractical for JWT. I found `dgrijalva/jwt-go` much handier when it comes to manipulating JWTs
Any ideas / challenges around for a proper choice of dependencies here?
Cheers,
Frédéric
frederic.bidon at yahoo.com