Andrea Cosentino created CAMEL-23760:
----------------------------------------
Summary: camel-oauth: require a JWK set to verify token signatures in UserProfile
Key: CAMEL-23760
URL: https://issues.apache.org/jira/browse/CAMEL-23760
Project: Camel
Issue Type: Improvement
Components: camel-oauth
Reporter: Andrea Cosentino
Assignee: Andrea Cosentino

UserProfile token verification did not require a JWK set: when the configured
JWK set was missing or empty, the JWS signature check was skipped. This change
makes the signature check mandatory - when no JWK set is available to verify a
token, the token is rejected rather than accepted. Deployments with a correctly
resolved JWK set are unaffected; this aligns the legacy UserProfile path with
the JwtTokenValidator SPI path, which already fails closed on this condition.
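
The fail-open versus fail-closed behaviour described in the issue, as an added example that is not part of the original report and is not camel-oauth code. Class and method names are hypothetical, and a constructed map of HS256 secrets stands in for the JWK set so that it runs on the JDK alone.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Map;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Added illustration: names are hypothetical, not camel-oauth code. HS256 keeps it JDK-only.
public class JwkSetFailClosedDemo {
    static byte[] hmac(byte[] key, String signingInput) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(signingInput.getBytes(StandardCharsets.US_ASCII));
    }
    static String b64(String s) {
        return Base64.getUrlEncoder().withoutPadding().encodeToString(s.getBytes(StandardCharsets.US_ASCII));
    }
    // True only if some key in the set reproduces the token's signature.
    static boolean signatureValid(String jws, Map<String, byte[]> jwkSet) throws Exception {
        String[] parts = jws.split("\\.", -1);
        if (parts.length != 3) return false;
        byte[] presented;
        try {
            presented = Base64.getUrlDecoder().decode(parts[2]);
        } catch (IllegalArgumentException e) {
            return false; // malformed signature segment
        }
        for (byte[] key : jwkSet.values()) {
            if (MessageDigest.isEqual(hmac(key, parts[0] + "." + parts[1]), presented)) return true;
        }
        return false;
    }
    // Fail-open shape the issue describes: no JWK set, so the signature check is skipped.
    static boolean verifyFailOpen(String jws, Map<String, byte[]> jwkSet) throws Exception {
        return jwkSet == null || jwkSet.isEmpty() || signatureValid(jws, jwkSet);
    }
    // Fail-closed shape: no JWK set means nothing to verify against, so the token is rejected.
    static boolean verifyFailClosed(String jws, Map<String, byte[]> jwkSet) throws Exception {
        return jwkSet != null && !jwkSet.isEmpty() && signatureValid(jws, jwkSet);
    }
    public static void main(String[] args) throws Exception {
        byte[] key = "constructed-demo-secret-32-bytes".getBytes(StandardCharsets.US_ASCII);
        String input = b64("{\"alg\":\"HS256\"}") + "." + b64("{\"sub\":\"demo\"}");
        String good = input + "." + Base64.getUrlEncoder().withoutPadding().encodeToString(hmac(key, input));
        String bad = input + "." + "A".repeat(43); // constructed: 32 zero bytes, matches no key
        Map<String, byte[]> resolved = Map.of("demo-kid", key), missing = Map.of();
        String fmt = "%-34s fail-open=%b fail-closed=%b%n";
        System.out.printf(fmt, "set missing, wrong signature:", verifyFailOpen(bad, missing), verifyFailClosed(bad, missing));
        System.out.printf(fmt, "set resolved, wrong signature:", verifyFailOpen(bad, resolved), verifyFailClosed(bad, resolved));
        System.out.printf(fmt, "set resolved, valid signature:", verifyFailOpen(good, resolved), verifyFailClosed(good, resolved));
    }
}
```

The two variants differ only in the first row, where the JWK set is missing; with a resolved set they return the same result, which matches the statement that such deployments are unaffected.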