[
https://issues.apache.org/jira/browse/CAMEL-23760?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Work on CAMEL-23760 started by Andrea Cosentino.
------------------------------------------------
> camel-oauth: require a JWK set to verify token signatures in UserProfile
> ------------------------------------------------------------------------
>
> Key: CAMEL-23760
> URL: https://issues.apache.org/jira/browse/CAMEL-23760
> Project: Camel
> Issue Type: Improvement
> Components: camel-oauth
> Reporter: Andrea Cosentino
> Assignee: Andrea Cosentino
> Priority: Major
>
> UserProfile token verification did not require a JWK set: when the configured
> JWK set was missing or empty, the JWS signature check was skipped. This
> change makes the signature check mandatory - when no JWK set is available to
> verify a token, the token is rejected rather than accepted. Deployments with
> a correctly resolved JWK set are unaffected; this aligns the legacy
> UserProfile path with the JwtTokenValidator SPI path, which already fails
> closed on this condition.
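The difference between skipping the signature check and rejecting the token when no JWK set is available, shown as an added Java example. It is not camel-oauth code: the class and method names are hypothetical, a `Map<String, PublicKey>` stands in for a resolved JWK set, and RS256 with a throwaway key pair is assumed.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;

public class JwkSetRequiredDemo {
    // Hypothetical stand-in for a resolved JWK set: key id -> public key.
    // Fail-open shape: with no keys, the signature check is skipped and the token is accepted.
    static boolean acceptFailOpen(String jws, Map<String, PublicKey> jwkSet) throws GeneralSecurityException {
        if (jwkSet == null || jwkSet.isEmpty()) return true;
        return signatureValid(jws, jwkSet);
    }
    // Fail-closed shape: with no keys, the token cannot be verified, so it is rejected.
    static boolean acceptFailClosed(String jws, Map<String, PublicKey> jwkSet) throws GeneralSecurityException {
        if (jwkSet == null || jwkSet.isEmpty()) return false;
        return signatureValid(jws, jwkSet);
    }
    // RS256 check of "header.payload" against every key in the set.
    static boolean signatureValid(String jws, Map<String, PublicKey> jwkSet) throws GeneralSecurityException {
        String[] p = jws.split("\\.");
        if (p.length != 3) return false;
        try {
            byte[] sig = Base64.getUrlDecoder().decode(p[2]);
            for (PublicKey key : jwkSet.values()) {
                Signature v = Signature.getInstance("SHA256withRSA");
                v.initVerify(key);
                v.update((p[0] + "." + p[1]).getBytes(StandardCharsets.US_ASCII));
                if (v.verify(sig)) return true;
            }
        } catch (IllegalArgumentException | SignatureException malformed) {
            return false; // undecodable or wrong-length signature
        }
        return false;
    }
    public static void main(String[] args) throws Exception {
        Base64.Encoder b64 = Base64.getUrlEncoder().withoutPadding();
        KeyPair kp = KeyPairGenerator.getInstance("RSA").generateKeyPair(); // throwaway demo key
        // Constructed sample token, not taken from any real deployment.
        String body = b64.encodeToString("{\"alg\":\"RS256\"}".getBytes(StandardCharsets.UTF_8)) + "."
                + b64.encodeToString("{\"sub\":\"alice\"}".getBytes(StandardCharsets.UTF_8));
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(kp.getPrivate());
        s.update(body.getBytes(StandardCharsets.US_ASCII));
        String signed = body + "." + b64.encodeToString(s.sign());
        String badSig = body + "." + b64.encodeToString(new byte[256]); // all-zero signature
        Map<String, PublicKey> resolved = Map.of("demo-key", kp.getPublic());
        System.out.println("fail-open,   empty set, bad sig:  " + acceptFailOpen(badSig, Map.of()));
        System.out.println("fail-closed, empty set, bad sig:  " + acceptFailClosed(badSig, Map.of()));
        System.out.println("fail-closed, resolved set, good:  " + acceptFailClosed(signed, resolved));
    }
}
```

With a resolved key set both methods behave the same, which matches the statement that correctly configured deployments are unaffected; they differ only when the set is null or empty.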