Re: [keycloak-dev] [keycloak-gatekeeper][KEYCLOAK-7175] upgrade from coreos/go-oidc.v1

Relying on a stale package such as `github.com/coreos/go-oidc.v1` <http://github.com/coreos/go-oidc.v1> is really annoying for a security product. Moreover, this library has no support for tokens with an EC signature. I've tried a bit to remove this but I felt like the choice of a proper library should be discussed. Here is my two cents: - coreos/go-oidc.v2 does not add much compared to stdlib `x/oauth2`: there is remote JWKS fetcher which might be useful, although this is in fact `square/go-jose` that does the heavy lifting here - I found `square/go-jose` good enough for JWK and JWKS, but rather unpractical for JWT. I found `dgrijalva/jwt-go` much handier when it comes to manipulate JWT Any ideas / challenges around for a proper choice of dependencies here? Cheers, Frédéric frederic.bidon(a)yahoo.com _______________________________________________ keycloak-dev mailing list keycloak-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-dev