OAuth server key
Our OAuth2ServerConfig now generates a new keypair on startup. That's a bit annoying since all issued tokens are invalidated (wrong key sig).
We should load the JWK from a keystore, if available. If not, then generate keys and put them into a keystore file at ${data.dir}/generated.keystore.
Here are some defaults:
@Value("${server.keystore.file:${data.dir}/generated.keystore}") String keystoreFile
@Value("${server.keystore.password:changeme}") String keystorePassword
@Value("${oauth2.server.keyAlias:JWK}") String serverKeyAlias
@Value("${oauth2.server.keyPassword:changeme}") String serverKeyPassword
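
One way to do the load-or-generate step described above, taking the four values listed as arguments. This is an added example, not the project's code: `ServerKeyLoader` and `selfSign` are hypothetical names, PKCS12 and RSA 2048 are assumed choices, and BouncyCastle is assumed to be on the classpath, because a keystore private-key entry needs a certificate and the JDK has no public API to create one.

```java
import java.io.*;
import java.math.BigInteger;
import java.nio.file.*;
import java.security.*;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.util.Date;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

/** Hypothetical helper: returns the persisted signing key pair, creating it on first start. */
public final class ServerKeyLoader {
    public static KeyPair loadOrCreate(Path file, char[] storePw, String alias, char[] keyPw)
            throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12"); // assumed keystore type
        if (Files.exists(file)) {
            try (InputStream in = Files.newInputStream(file)) {
                ks.load(in, storePw); // throws on a wrong password or a modified file
            }
            if (ks.isKeyEntry(alias)) { // reuse the key so issued tokens stay valid
                PrivateKey priv = (PrivateKey) ks.getKey(alias, keyPw);
                return new KeyPair(ks.getCertificate(alias).getPublicKey(), priv);
            }
        } else {
            ks.load(null, storePw); // start from an empty in-memory keystore
        }
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048); // assumed key size
        KeyPair pair = gen.generateKeyPair();
        ks.setKeyEntry(alias, pair.getPrivate(), keyPw, new Certificate[] { selfSign(pair, alias) });
        if (file.getParent() != null) Files.createDirectories(file.getParent());
        try (OutputStream out = Files.newOutputStream(file)) {
            ks.store(out, storePw); // persist so the next startup loads the same key
        }
        return pair;
    }

    // The self-signed certificate only satisfies the KeyStore API and carries the public key.
    private static X509Certificate selfSign(KeyPair pair, String cn) throws Exception {
        X500Name name = new X500Name("CN=" + cn);
        Instant now = Instant.now();
        return new JcaX509CertificateConverter().getCertificate(
            new JcaX509v3CertificateBuilder(name, BigInteger.valueOf(now.toEpochMilli()),
                Date.from(now), Date.from(now.plus(3650, ChronoUnit.DAYS)), name, pair.getPublic())
                .build(new JcaContentSignerBuilder("SHA256withRSA").build(pair.getPrivate())));
    }
}
```

With the default password `changeme` left in place, the private key in the generated keystore is protected only by the file permissions on `${data.dir}`.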