Currently to construct a `NimbusJwtEncoder` with a single key takes something like the following:

```java
OctetSequenceKey jwk = new OctetSequenceKeyGenerator(256)
        .keyID(UUID.randomUUID().toString())
        .algorithm(JWSAlgorithm.HS256)
        .issueTime(new Date())
        .generate();
JWKSource<SecurityContext> source = new ImmutableJWKSet<>(new JWKSet(jwk));
NimbusJwtEncoder encoder = new NimbusJwtEncoder(source);
```

whereas to do the converse in `NimbusJwtDecoder` is simpler:

```java
NimbusJwtDecoder decoder = NimbusJwtDecoder.withSecretKey(key).build();
```

It would be nice if `NimbusJwtEncoder` offered similar behavior:

```java
SecretKey key = ...
NimbusJwtEncoder.withSecretKey(key).build(); // or
NimbusJwtEncoder.withSecretKey(key).keyId(...).build(); // etc.

KeyPair keyPair = ... // RSA or EC
NimbusJwtEncoder.withKeyPair(keyPair).build(); // or
NimbusJwtEncoder.withKeyPair(keyPair).keyId(...).build(); // etc.
```
Comment From: jan-knoblich
@jzheaux could you assign this to me?
Comment From: jzheaux
Thanks, @jan-knoblich! I've assigned the issue to you.
Comment From: jan-knoblich
@jzheaux quick question with regard to the keypair; do we want to dynamically check the keypair to get the used algorithm to create the correct ECkey/RSAkey/... or should we have the user specify?
Comment From: jzheaux
Hi, @jan-knoblich. Can we do just one method? I like the idea of deducing the key for the user so that they don't accidentally call the wrong method.
Comment From: jan-knoblich
Yeah sure, this seems doable.
Sorry my PC was broken for some time lol. Will get back to this soon.
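The key-type deduction discussed in the comments above, sketched as an added example (not code from this thread, the linked PR, or Spring Security itself). The class name and the `toJwk` and `algorithmFor` helpers are hypothetical, and defaulting RSA keys to RS256 is an assumption.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.interfaces.*;
import java.security.spec.ECGenParameterSpec;
import java.util.UUID;

import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.jwk.*;
import com.nimbusds.jose.jwk.source.ImmutableJWKSet;
import com.nimbusds.jose.proc.SecurityContext;
import org.springframework.security.oauth2.jwt.NimbusJwtEncoder;

public class KeyPairToJwk {

    // Hypothetical helper (not a Spring Security API): deduce the JWK type from the key pair.
    static JWK toJwk(KeyPair keyPair, String keyId) {
        if (keyPair.getPublic() instanceof RSAPublicKey rsaPub
                && keyPair.getPrivate() instanceof RSAPrivateKey rsaPriv) {
            // Assumption: RS256 as the default algorithm for RSA keys.
            return new RSAKey.Builder(rsaPub).privateKey(rsaPriv)
                    .keyUse(KeyUse.SIGNATURE).algorithm(JWSAlgorithm.RS256).keyID(keyId).build();
        }
        if (keyPair.getPublic() instanceof ECPublicKey ecPub
                && keyPair.getPrivate() instanceof ECPrivateKey ecPriv) {
            // The curve determines the JWS algorithm, so derive both from the key's parameters.
            Curve curve = Curve.forECParameterSpec(ecPub.getParams()); // null if not recognised
            JWSAlgorithm algorithm = algorithmFor(curve);
            return new ECKey.Builder(curve, ecPub).privateKey(ecPriv)
                    .keyUse(KeyUse.SIGNATURE).algorithm(algorithm).keyID(keyId).build();
        }
        // Fail closed on mismatched halves (RSA public with EC private) and other key types.
        throw new IllegalArgumentException("Unsupported or mismatched key pair");
    }

    static JWSAlgorithm algorithmFor(Curve curve) {
        if (Curve.P_256.equals(curve)) return JWSAlgorithm.ES256;
        if (Curve.P_384.equals(curve)) return JWSAlgorithm.ES384;
        if (Curve.P_521.equals(curve)) return JWSAlgorithm.ES512;
        throw new IllegalArgumentException("Unsupported EC curve: " + curve);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("EC");
        generator.initialize(new ECGenParameterSpec("secp256r1")); // constructed sample key
        JWK jwk = toJwk(generator.generateKeyPair(), UUID.randomUUID().toString());
        NimbusJwtEncoder encoder = new NimbusJwtEncoder(new ImmutableJWKSet<SecurityContext>(new JWKSet(jwk)));
        System.out.println(jwk.getKeyType() + " " + jwk.getAlgorithm() + " kid=" + jwk.getKeyID());
    }
}
```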
Comment From: surajbh123
Hi @jzheaux I've implemented the builder method changes. When you have a moment, please review the PR: https://github.com/spring-projects/spring-security/pull/17033