Summary
Migrate the custom Jwk data class to use the Nimbus JWK library (com.nimbusds:nimbus-jose-jwt) natively.
Motivation
The current codebase uses a hand-rolled Jwk data class for key representation. Nimbus already provides a full-featured JWK model that:
- Supports RFC 7638 JWK Thumbprint computation natively via
ThumbprintUtils.compute(JWK) / jwk.computeThumbprint().decode()
- Handles EC, OKP, RSA, and other key types out of the box
- Eliminates the need for manual canonical JSON construction in
jwkThumbprintBytes() in CborUtils.kt
A TODO was added in CborUtils.kt (PR #174) calling this out explicitly:
// TODO: Nimbus has ThumbprintUtils.compute(JWK) / jwk.computeThumbprint().decode() which does this natively,
// but it requires a Nimbus JWK instance. Replace once Jwk -> Nimbus migration ticket is done.
Acceptance Criteria
References
Summary
Migrate the custom
Jwkdata class to use the Nimbus JWK library (com.nimbusds:nimbus-jose-jwt) natively.Motivation
The current codebase uses a hand-rolled
Jwkdata class for key representation. Nimbus already provides a full-featuredJWKmodel that:ThumbprintUtils.compute(JWK)/jwk.computeThumbprint().decode()jwkThumbprintBytes()inCborUtils.ktA TODO was added in
CborUtils.kt(PR #174) calling this out explicitly:Acceptance Criteria
Jwkdata class withcom.nimbusds.jose.jwk.JWK(or appropriate Nimbus subclasses) across the codebasejwkThumbprintBytes()implementation inCborUtils.ktwith Nimbus native thumbprint computationIllegalArgumentExceptiondue to missingn/efields in the custom model)References