NimbusJwtEncoder should simplify constructing with javax.security Keys

[jzheaux]

Currently to construct a NimbusJwtEncoder with a single key takes something like the following:

OctetSequenceKey jwk = new OctetSequenceKeyGenerator(256)
    .keyID(UUID.randomUUID().toString())
    .algorithm(JWSAlgorithm.HS256)
    .issueTime(new Date())
    .generate();
JWKSource<SecurityContext> source = new ImmutableJWKSet<>(new JWKSet(jwk));
NimbusJwtEncoder encoder = new NimbusJwtEncoder(source);

whereas to do the converse in NimbusJwtDecoder is simpler:

NimbusJwtDecoder decoder = NimbusJwtDecoder.withSecretKey(key).build();

It would be nice if NimbusJwtEncoder offered similar behavior:

SecretKey key = ...
NimbusJwtEncoder.withSecretKey(key).build(); // or
NimbusJwtEncoder.withSecretKey(key).keyId(...).build(); // etc.

KeyPair keyPair = ... // RSA or EC
NimbusJwtEncoder.withKeyPair(keyPair).build(); // or
NimbusJwtEncoder.withKeyPair(keyPair).keyId(...).build(); // etc.

[jan-knoblich]

@jzheaux could you assign this to me?

[jzheaux]

Thanks, @jan-knoblich! I've assigned the issue to you.

[jan-knoblich]

@jzheaux quick question with regard to the keypair; do we want to dynamically check the keypair to get the used algorithm to create the correct ECkey/RSAkey/... or should we have the user specify?

[jzheaux]

Hi, @jan-knoblich. Can we do just one method? I like the idea of deducing the key for the user so that they don't accidentally call the wrong method.

[jan-knoblich]

Yeah sure, this seems doable.

Sorry my PC was broken for some time lol. Will get back to this soon.

[surajbh123]

Hi @jzheaux
I've implemented the builder method changes.
When you have a moment, please review the
PR: #17033