@@ -81,6 +81,7 @@ audience and that they have not expired.
encrypted by freshly generated CEK (Content Encryption Key) that is encrypted by one of asymetric key. Public parts of those keys are share by JWKS endpoint
encrypted by freshly generated CEK (Content Encryption Key) that is encrypted by one of asymetric key. Public parts of those keys are share by JWKS endpoint
available on this example application.
available on this example application.
See [WellKnownJwksController.java](src/main/java/com/onegini/oidc/WellKnownJwksController.java) for more information.
See [WellKnownJwksController.java](src/main/java/com/onegini/oidc/WellKnownJwksController.java) for more information.
See also [JSON Web Encryption (JWE) (https://tools.ietf.org/html/rfc7516)] for more information.
### EncryptionAlgorithms
### EncryptionAlgorithms
The [EncryptionAlgorithms.java](src/main/java/com/onegini/oidc/model/EncryptionAlgorithms.java) contains all algorithms that could be used by OP to encrypt the
The [EncryptionAlgorithms.java](src/main/java/com/onegini/oidc/model/EncryptionAlgorithms.java) contains all algorithms that could be used by OP to encrypt the
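Review bot: the added "See also" line uses broken Markdown link syntax: `[JSON Web Encryption (JWE) (https://tools.ietf.org/html/rfc7516)]` puts both the label and the URL inside one bracket pair, so it renders as literal text instead of a link; it should be `[JSON Web Encryption (JWE)](https://tools.ietf.org/html/rfc7516)`. While this paragraph is being touched, the unchanged context lines above it still read `asymetric` and `are share by` (should be `asymmetric` and `are shared by`), and "encrypted by one of asymetric key" does not say whose key is meant; since the JWKS endpoint is served by this example application, it would help the reader to state that the CEK is wrapped with one of the application's public keys, which the OP picks from that JWKS.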
...
@@ -108,10 +109,10 @@ the `/logout` endpoint. If the user was logged in via an ID token, they are redi
user and redirects it back to `http://localhost:8080/signout-callback-oidc`. Then the user is logged out in Spring Security and redirected to the home page.
user and redirects it back to `http://localhost:8080/signout-callback-oidc`. Then the user is logged out in Spring Security and redirected to the home page.
### WellKnownJwksController
### WellKnownJwksController
The [WellKnownJwksController.java](src/main/java/com/onegini/oidc/WellKnownJwksController.java) is responsible to return a JWKS list (for encryption purpose).
The [WellKnownJwksController.java](src/main/java/com/onegini/oidc/WellKnownJwksController.java) is responsible for returning the JWKS list (for encryption purpose).
It returns only that kind of keys that are supported on OP. However it's only an example and in production application there is strictly required to store keys
It returns only that kinds of keys that are supported by OP. However it's only an example and in production's application there is strictly required to store keys
in persistence storage and make a key rotation. Please keep in mind that OP gets the first key that matched its criteria so returning obsolete key on before
in the persistence storage and make a key rotation. Please keep in mind that OP gets the first key that matched its criteria so returning obsolete key before
fresh one is a mistake.
fresh one is a mistake. See [JSON Web Key (JWK) RFC-7517(https://tools.ietf.org/html/rfc7517)] for more information.
### JweKeyGenerator
### JweKeyGenerator
The [JweKeyGenerator.java](src/main/java/com/onegini/oidc/encryption/JweKeyGenerator.java) is responsible for key generation. It shows how to generate the RSA
The [JweKeyGenerator.java](src/main/java/com/onegini/oidc/encryption/JweKeyGenerator.java) is responsible for key generation. It shows how to generate the RSA
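Review bot: two of the rewritten sentences introduce grammar errors rather than fixing them: `It returns only that kinds of keys that are supported by OP` should be `It returns only the kinds of keys that are supported by the OP`, and `in production's application there is strictly required to store keys in the persistence storage` should be `in a production application it is strictly required to store keys in persistent storage`. The new link on the last changed line has the same broken syntax as the JWE link in the earlier hunk: `[JSON Web Key (JWK) RFC-7517(https://tools.ietf.org/html/rfc7517)]` places the URL inside the brackets and will not render as a link; write `[JSON Web Key (JWK), RFC 7517](https://tools.ietf.org/html/rfc7517)`. Since the paragraph warns that the OP takes the first key matching its criteria, consider also stating that the JWKS must list the current key first and that every key should carry a distinct `kid`, so that after a rotation the OP still encrypts to the fresh key while tokens wrapped under the previous key remain identifiable.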