Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Restructure JWT documentation #451

Open
ssarmokadam opened this issue Aug 26, 2021 · 3 comments
Open

Restructure JWT documentation #451

ssarmokadam opened this issue Aug 26, 2021 · 3 comments

Comments

@ssarmokadam
Copy link
Member

Current documentation of JWT is at https://devonfw.com/website/pages/docs/devon4j.wiki_devon4j.asciidoc_guides.html#guide-jwt.asciidoc . We can add JWT overview/concept in General section of documentation.
This documentation have link for Spring JWT starter and JWT in Quarkus. We need to check further if we can add more details or some code snippets in both of this section.
Spring JWT and Quarkus JWT should be linked to General section document and vice versa.

@ssarmokadam ssarmokadam transferred this issue from devonfw/devon4quarkus Aug 26, 2021
@baumeister25
Copy link

Hi @ssarmokadam ,

Can you explain what is the current benefit of the JWT-starter in devon4j? In the past I've used open libraries like https://github.com/auth0/java-jwt for working with JWT and that worked out quite easily with very less code.
I'm thinking if we could deprecate the JWT module in favor of a generic documentation for both spring quarkus and spring.

@hohwille
Copy link
Member

As always the website links are meanwhile broken (404). For many years I am suggesting to never put these links and use github links instead but this seems to be like fighting windmills. The link to the guide on github is this one:
https://github.com/devonfw/devon4j/blob/master/documentation/guide-jwt.asciidoc

@hohwille
Copy link
Member

hohwille commented Jun 30, 2022

Can you explain what is the current benefit of the JWT-starter in devon4j? In the past I've used open libraries like https://github.com/auth0/java-jwt for working with JWT and that worked out quite easily with very less code. I'm thinking if we could deprecate the JWT module in favor of a generic documentation for both spring quarkus and spring.

I can give you a rationale:
There are always two aspects:

  • authentication
  • authorization

JWT is mainly authentication but via claims it typically also contains permissions/roles that have impact on authorization.
You need to integrate all this with spring-security and actually spring-security is rather a complex beast to get things done, secure and working smooth.
With devon4j we actually wanted to give projects a jumpstart so they do not have to bother about all these aspects and get the integration out of the box.
And we never implemented the JWT itself in devon4j (generation, validation, parsing, etc.).
For this we are using spring (spring-security-jwt and jjwt) already and https://github.com/auth0/java-jwt is just an alternative implementation of it.

What I do not understand is what is actually missing to be addressed by this issue?
I can find all the things properly documented and would actually close this issue.
If someone can give a concrete aspect what is missing or to be improved, we can proceed.
Otherwise, I will simply close this issue in the next weeks.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

3 participants