Consolidate the way JWK sets are loaded #82
Assignees
Milestone
Comments
|
Good opportunity to fix it now given that we plan to release |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
At the moment the JWT sets are dealt with in two different places. First
mp.jwt.publickey.locationis checked if it points to a JWK set resource inKeyLocationResolver. Next if an internalfollowMpJwt11Rulesis set then it is assumed that instead ofmp.jwt.publickey.locationjwksUriwas set and the keys are loaded not in the resolver but in the parser. So we have two ways to point to JWKs, only one of them is used in smallrye-jwt while thejwksUripath is used via afollowMpJwt11Rulesdiversion from Thorntail.This really needs to change and
followMpJwt11Rulesneeds to go as it is confusing (and will become more so when we move to newer versions of MP JWT). InsteadKeyLocationResolvershould keep all the code for loading the keys, for example, it can check if the location starts fromhttpsetc.JWTAuthContextInfojwksUrishould also be renamed topublicKeyLocationor similar, otherwise at the moment, if is actually used to load PEM keys as well, it is initialized withmp.jwt.publickey.locationwhich adds the extra confusion.The text was updated successfully, but these errors were encountered: