Skip to content

Migrate custom Jwk class to Nimbus JWK #176

Description

@coderabbitai

Summary

Migrate the custom Jwk data class to use the Nimbus JWK library (com.nimbusds:nimbus-jose-jwt) natively.

Motivation

The current codebase uses a hand-rolled Jwk data class for key representation. Nimbus already provides a full-featured JWK model that:

  • Supports RFC 7638 JWK Thumbprint computation natively via ThumbprintUtils.compute(JWK) / jwk.computeThumbprint().decode()
  • Handles EC, OKP, RSA, and other key types out of the box
  • Eliminates the need for manual canonical JSON construction in jwkThumbprintBytes() in CborUtils.kt

A TODO was added in CborUtils.kt (PR #174) calling this out explicitly:

// TODO: Nimbus has ThumbprintUtils.compute(JWK) / jwk.computeThumbprint().decode() which does this natively,
//  but it requires a Nimbus JWK instance. Replace once Jwk -> Nimbus migration ticket is done.

Acceptance Criteria

  • Replace the custom Jwk data class with com.nimbusds.jose.jwk.JWK (or appropriate Nimbus subclasses) across the codebase
  • Replace the manual jwkThumbprintBytes() implementation in CborUtils.kt with Nimbus native thumbprint computation
  • Ensure RSA key type is also supported (currently throws IllegalArgumentException due to missing n/e fields in the custom model)
  • Update all call sites and tests accordingly

References

Metadata

Metadata

Assignees

Labels

No labels
No labels

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions