我想知道当从OpenID Connect端点检索JWKS时,Jose4J是否处理重定向http状态代码(例如307)。
我自己现在做检索并将JWKS传递给Jose4J,这被称为带外。 现在,当我切换网络时,我得到了很多307,并想知道让Jose4J在支持307和其他重定向状态时进行JWKS检索是否明智
HttpURLConnection.HTTP_MOVED_TEMP HttpURLConnection.HTTP_MOVED_PERM HttpURLConnection.HTTP_SEE_OTHER谢谢!
一月
I was wondering whether Jose4J handles the redirect http status codes (e.g. 307) when retrieving the JWKS from the OpenID Connect Endpoint.
I myself now do the retrieval and pass on the JWKS to Jose4J so called out of band. Now when i switched network i got a lot of 307's and wonder if it's wise to let Jose4J do the JWKS retrieval when it supports 307 and the other redirect statusses
HttpURLConnection.HTTP_MOVED_TEMP HttpURLConnection.HTTP_MOVED_PERM HttpURLConnection.HTTP_SEE_OTHERThanks!
Jan
最满意答案
是的,当向JWKS端点发出请求时,它将遵循重定向。 org.jose4j.keys.resolvers.HttpsJwksVerificationKeyResolver使用org.jose4j.jwk.HttpsJwks ,它默认使用org.jose4j.http.Get ,然后使用java的HttpsURLConnection,它将遵循重定向,除非在类级别更改了行为: https://docs.oracle.com/javase/8/docs/api/java/net/HttpURLConnection.html#setFollowRedirects-boolean-
Yes, it will follow redirects when making requests to a JWKS endpoint. org.jose4j.keys.resolvers.HttpsJwksVerificationKeyResolver uses org.jose4j.jwk.HttpsJwks that by default uses org.jose4j.http.Get which in turn uses java's HttpsURLConnection that will follow redirects unless the behaviour has been changed at the class level: https://docs.oracle.com/javase/8/docs/api/java/net/HttpURLConnection.html#setFollowRedirects-boolean-
更多推荐
发布评论