-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Remove signWith method from JwtBuilder Interface that takes String param #146
Comments
no need for a static method - they can use |
This also got me puzzled.. I think you should remove the String version, I was just checking a string signature like "a" and created one JWT online in a custom manner, of course they didn't match and it was confusing a bit. |
Assigned to milestone 1.0 because this is a backwards-incompatible change that semver requires updating the major revision number |
Note: this should be done as part of #339 |
can this ticket / issue be closed? the method in question has been annotated with |
@pveeckhout you're right, this can be closed in favor of just using #339 to track the work. Thanks for the comment! |
In
JwtBuilder
, there's a variant of thesignWith
method:Although the method signature is clear, people may misunderstand its intent.
Removing this signature will force people to always sign with a
byte[]
or with ajava.security.Key
, thereby insuring that best practices are adhered to.If we want to provide a way for developers for pass in a base64 encoded byte array, we could provide a static method elsewhere that takes a String, base64 decodes it, and returns a byte array.
Note: implementing this issue may address #143
The text was updated successfully, but these errors were encountered: