[keycloak-dev] [keycloak-gatekeeper][KEYCLOAK-7175] upgrade from coreos/go-oidc.v1

Stian Thorgersen sthorger at redhat.com
Mon Jan 14 02:45:11 EST 2019


Bruno - can you reply to this please?

On Tue, 8 Jan 2019 at 15:19, BIDON Frederic <fredbi at yahoo.com> wrote:

>
> Relying on a stale package such as `github.com/coreos/go-oidc.v1`
> <http://github.com/coreos/go-oidc.v1> is really annoying for a security
> product.
>
> Moreover, this library has no support for tokens with an EC signature.
>
> I've tried a bit to remove this but I felt like the choice of a proper
> library should be discussed.
>
> Here are my two cents:
>
>    - coreos/go-oidc.v2 does not add much compared to stdlib `x/oauth2`:
> there is a remote JWKS fetcher which might be useful, although this is in
> fact `square/go-jose` that does the heavy lifting here
>    - I found `square/go-jose` good enough for JWK and JWKS, but rather
> unpractical for JWT. I found `dgrijalva/jwt-go` much handier when it comes
> to manipulating JWT
>
> Any ideas / challenges around for a proper choice of dependencies here?
>
> Cheers,
>
> Frédéric
>   frederic.bidon at yahoo.com

