The JWT session JASPI module currently uses a keystore file and alias for encryption, and a static byte array for signing JWTs. This should be changed to use the Secrets API.
The amount of impact on AM is: Low (AM has already overridden this class to integrate with the secrets API in 6.1)
The amount of impact on IDM is: Medium (We will make use of the work AM has done. This will require config change and providing the secrets provider to the service. This will also have UI impact)
The amount of impact on IG is: None - not used.
- The DefaultJwtCryptographyHandler is changed to use the Secrets API.
- The Purpose.SIGN, Purpose.VERIFY, Purpose.KEY_ENCRYPTION and Purpose.KEY_DECRYPTION purposes are used by the module.
- A SecretsProvider is expected in the initialization map, and is used to obtain the necessary secret values.