Affects Version/s: None
Fix Version/s: v2.5.0
Support for easier and safer to use HMAC-signed tokens (i.e. shared secret instead of deploying PKI)
OAuth AS endpoint should support 2 additional configuration parameters:
- signingAlgorithm (default RS256, allow for other RS* and HS* variants from JWSAlgorithm)
- signingSecret (optional, required in configuration if signingAlgorithm is set to any HS* variant).
Signing of tokens should be enhanced to use the above options.