Restructure JWT documentation

Open ssarmokadam opened this issue 4 years ago • 3 comments

The current JWT documentation is at https://devonfw.com/website/pages/docs/devon4j.wiki_devon4j.asciidoc_guides.html#guide-jwt.asciidoc . We can add a JWT overview/concept in the General section of the documentation. This documentation has links to the Spring JWT starter and to JWT in Quarkus. We need to check further whether we can add more details or some code snippets in both of these sections. Spring JWT and Quarkus JWT should be linked to the General section document and vice versa.

ssarmokadam avatar Aug 26 '21 05:08 ssarmokadam

Hi @ssarmokadam ,

Can you explain what the current benefit of the JWT-starter in devon4j is? In the past I've used open libraries like https://github.com/auth0/java-jwt for working with JWT and that worked out quite easily with very little code. I'm wondering whether we could deprecate the JWT module in favor of a generic documentation for both spring quarkus and spring.

baumeister25 avatar Apr 14 '22 12:04 baumeister25

As always, the website links are meanwhile broken (404). For many years I have been suggesting never to use these links and to use GitHub links instead, but this seems to be like fighting windmills. The link to the guide on GitHub is this one: https://github.com/devonfw/devon4j/blob/master/documentation/guide-jwt.asciidoc

hohwille avatar Jun 30 '22 17:06 hohwille

> Can you explain what the current benefit of the JWT-starter in devon4j is? In the past I've used open libraries like https://github.com/auth0/java-jwt for working with JWT and that worked out quite easily with very little code. I'm wondering whether we could deprecate the JWT module in favor of a generic documentation for both spring quarkus and spring.

I can give you a rationale: There are always two aspects:

  • authentication
  • authorization

JWT is mainly authentication, but via claims it typically also contains permissions/roles that have an impact on authorization. You need to integrate all this with spring-security, and spring-security is actually rather a complex beast when it comes to getting things done, secure and working smoothly. With devon4j we actually wanted to give projects a jumpstart so they do not have to bother about all these aspects and get the integration out of the box. And we never implemented the JWT itself in devon4j (generation, validation, parsing, etc.). For this we are already using spring (spring-security-jwt and jjwt), and https://github.com/auth0/java-jwt is just an alternative implementation of it.

What I do not understand is what is actually missing that should be addressed by this issue. I can find all the things properly documented and would actually close this issue. If someone can name a concrete aspect that is missing or should be improved, we can proceed. Otherwise, I will simply close this issue in the next weeks.

hohwille avatar Jun 30 '22 17:06 hohwille