Two votes are up in the TomEE community on what to do with PR #123 ( https://github.com/apache/tomee/pull/123 ). The first vote is if TomEE should merge it. The second vote is if TomEE should attempt to extract it.
Ok, this helps a lot. Thanks David!
It was said 3-4 times in the discussion between both communities "geronimo will have a jwt-auth impl." This is absolutely ok, there is no rule that two projects cannot do the same or similar thing. Apache Tamaya exists and there is a Geronimo Config, both aim at MicroProfile Config compliance. This is OK by ASF standards and one community is not judged good or bad for choosing to also implement something.
Yes, and with that said its even completely valid for us to take the code from TomEE and drop it in to a separate Geronimo library, if that's the route we take. However, we would need to figure out what that dividing line is in the code between standalone library & TomEE specific integration.
That said, decisions like this should be made by the project clearly. Some people may want to move ahead now. Some people may want to wait and see how things go with TomEE.
Vote: Move ahead with creating a reusable JWT module
+1 Let's get on this, now. There may be two impls, but that's ok.
-1 Let's wait / maybe later / other
+1 for what you've said.