1

I am using Smallrye JwtClaimsBuilder to build a token in my application.

Is it possible to use gzip to compress the body of the token? I couldn't find something in the documentation about this.

Of course I could use a different way to generate the token, but can it be validate by the quarkus framework?

Felix Backmann
  • 33
  • 3
  • What's the context? Why are you building token yourself? Don't you use an identity provider? – Codo Apr 30 '21 at 07:31
  • At the moment the project is in an very early state and to keep it simple we don't wanted to use an identity provider. – Felix Backmann Apr 30 '21 at 15:10
  • 1
    It's still unclear what role your Quarkus application has? Would it work like a resource server in an OAuth 2.0 context? And how should it verify the token is valid? – Codo Apr 30 '21 at 15:16
  • I wanted to build an web service based on this document [link](https://quarkus.io/guides/security-jwt). I changed the code for token generation in [link](https://quarkus.io/guides/security-jwt#generating-a-jwt), that it will work as an own endpoint which gives you a token after email and password are validated. Am I wrong that quarkus will validate the token based on the public key? And I only have the check Roles if needed in the annotation? – Felix Backmann May 03 '21 at 05:13
  • Gzip is outside the standard. So what you would have is an opaque token. However, Quarkus cannot validate opaque tokens with a public key. Instead it would call the introspection endpoint of the identity provider. Since you don't have an identity provider, the answer to your question is most likely "No". – Codo May 03 '21 at 06:18
  • Thank you for your explanation. So we have to use an itentity provider or we cannot match the requirement of gzip compression. – Felix Backmann May 03 '21 at 06:49
  • There are two more options: check the token and the roles manually (without `@RolesAllowed` and the like) or have a look at https://quarkus.io/guides/security-customization and try to customize the security context manually. Anyway, your setup and your requirements are unusual and therefore not really supported by any framework I'm aware of. – Codo May 03 '21 at 07:21
  • Thank you. I will discussed that and hopefully get rid of gzip. – Felix Backmann May 03 '21 at 07:47

0 Answers0