Remove signWith method from JwtBuilder Interface that takes String param

[dogeared]

In JwtBuilder, there's a variant of the signWith method:

JwtBuilder signWith(SignatureAlgorithm alg, String base64EncodedSecretKey);

Although the method signature is clear, people may misunderstand its intent.

Removing this signature will force people to always sign with a byte[] or with a java.security.Key, thereby insuring that best practices are adhered to.

If we want to provide a way for developers for pass in a base64 encoded byte array, we could provide a static method elsewhere that takes a String, base64 decodes it, and returns a byte array.

Note: implementing this issue may address #143

[lhazlewood]

no need for a static method - they can use TextCodec.BASE64.decode(aString); :)

[EralpB]

This also got me puzzled.. I think you should remove the String version, I was just checking a string signature like "a" and created one JWT online in a custom manner, of course they didn't match and it was confusing a bit.

[lhazlewood]

Assigned to milestone 1.0 because this is a backwards-incompatible change that semver requires updating the major revision number

[lhazlewood]

Note: this should be done as part of #339

[pveeckhout]

can this ticket / issue be closed?

the method in question has been annotated with @Deprecated and will be removed in #339 as described above by @lhazlewood

[lhazlewood]

@pveeckhout you're right, this can be closed in favor of just using #339 to track the work. Thanks for the comment!