At the moment the JWT sets are dealt with in two different places. First `mp.jwt.publickey.location` is checked if it points to a JWK set resource in `KeyLocationResolver`. Next, if an internal `followMpJwt11Rules` is set, then it is assumed that instead of `mp.jwt.publickey.location`, `jwksUri` was set and the keys are loaded not in the resolver but in the parser. So we have two ways to point to JWKs; only one of them is used in smallrye-jwt, while the `jwksUri` path is used via a `followMpJwt11Rules` diversion from Thorntail.
This really needs to change and `followMpJwt11Rules` needs to go as it is confusing (and will become more so when we move to newer versions of MP JWT). Instead `KeyLocationResolver` should keep all the code for loading the keys, for example, it can check if the location starts with `https` etc. `JWTAuthContextInfo` `jwksUri` should also be renamed to `publicKeyLocation` or similar, otherwise at the moment, it is actually used to load PEM keys as well, it is initialized with `mp.jwt.publickey.location` which adds the extra confusion.
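The consolidation proposed above, as an added sketch that is not smallrye-jwt code: a single resolver takes one location value, does the `https` check in one place, and decides between PEM and JWK(S) from the content. The class and method names are hypothetical, only RSA keys are handled, and a regex stands in for a real JSON/JOSE parser so the sketch needs nothing beyond the JDK.

```java
import java.math.BigInteger;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.security.*;
import java.security.spec.*;
import java.util.*;
import java.util.regex.*;

// Hypothetical sketch, not smallrye-jwt code: one resolver, one location property.
public class SingleKeyResolverSketch {
    // Flat RSA JWK, alone or inside a JWK set; the regex stands in for a real JSON/JOSE parser.
    static final Pattern RSA_JWK = Pattern.compile("\\{[^{}]*\"kty\"\\s*:\\s*\"RSA\"[^{}]*\\}");
    // The scheme check lives here and nowhere else.
    static String read(String location) throws Exception {
        if (location.startsWith("https:")) {
            try (var in = URI.create(location).toURL().openStream()) {
                return new String(in.readAllBytes(), StandardCharsets.UTF_8);
            }
        }
        return Files.readString(Path.of(location)); // assumption: anything else is a local path
    }
    // The format is decided from the content, so PEM and JWK(S) share one entry point.
    static List<PublicKey> parse(String content) throws Exception {
        KeyFactory rsa = KeyFactory.getInstance("RSA");
        if (content.contains("-----BEGIN PUBLIC KEY-----")) {
            String b64 = content.replaceAll("-----(BEGIN|END) PUBLIC KEY-----|\\s", "");
            return List.of(rsa.generatePublic(new X509EncodedKeySpec(Base64.getDecoder().decode(b64))));
        }
        List<PublicKey> keys = new ArrayList<>();
        for (Matcher m = RSA_JWK.matcher(content); m.find(); )
            keys.add(rsa.generatePublic(new RSAPublicKeySpec(num(m.group(), "n"), num(m.group(), "e"))));
        if (keys.isEmpty()) throw new IllegalArgumentException("no PEM key or RSA JWK found");
        return keys;
    }
    static BigInteger num(String jwk, String name) {
        Matcher m = Pattern.compile("\"" + name + "\"\\s*:\\s*\"([A-Za-z0-9_-]+)\"").matcher(jwk);
        if (!m.find()) throw new IllegalArgumentException("JWK is missing \"" + name + "\"");
        return new BigInteger(1, Base64.getUrlDecoder().decode(m.group(1)));
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample: one throwaway key written out as PEM and as a JWK set.
        PublicKey k = KeyPairGenerator.getInstance("RSA").generateKeyPair().getPublic();
        RSAPublicKeySpec s = KeyFactory.getInstance("RSA").getKeySpec(k, RSAPublicKeySpec.class);
        Base64.Encoder url = Base64.getUrlEncoder().withoutPadding();
        String pem = "-----BEGIN PUBLIC KEY-----\n" + Base64.getMimeEncoder().encodeToString(k.getEncoded()) + "\n-----END PUBLIC KEY-----\n";
        String jwks = "{\"keys\":[{\"kty\":\"RSA\",\"n\":\"" + url.encodeToString(s.getModulus().toByteArray()) + "\",\"e\":\"" + url.encodeToString(s.getPublicExponent().toByteArray()) + "\"}]}";
        System.out.println(parse(pem).equals(parse(jwks))); // compares the keys loaded from each format
    }
}
```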