The PIA implementation, as of #2, does not know which issuers are generally supported. This information is provided via projects configuration.
As a consequence, preliminary issuer verification is a costly operation, which requires matching the issuer field of all projects in the projects configuration.
Using a list of generally known issuers would be an easy optimization.
Caveat:
While all GitHub projects have the same issuer, Jenkins project issuer URLs only have a common domain, but different path parts:
GitHub: https://token.actions.githubusercontent.com (needs full match)
Jenkins: https://ci.eclipse.org/* (needs prefix match)
related issue #5
The PIA implementation, as of #2, does not know which issuers are generally supported. This information is provided via projects configuration.
As a consequence, preliminary issuer verification is a costly operation, which requires matching the issuer field of all projects in the projects configuration.
Using a list of generally known issuers would be an easy optimization.
Caveat:
While all GitHub projects have the same issuer, Jenkins project issuer URLs only have a common domain, but different path parts:
GitHub:
https://token.actions.githubusercontent.com(needs full match)Jenkins:
https://ci.eclipse.org/*(needs prefix match)related issue #5