[
https://issues.apache.org/jira/browse/CAMEL-23760?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Andrea Cosentino updated CAMEL-23760:
-------------------------------------
    Fix Version/s: 4.21.0
                   4.18.3
                   4.14.8
> camel-oauth: require a JWK set to verify token signatures in UserProfile
> ------------------------------------------------------------------------
>
> Key: CAMEL-23760
> URL: https://issues.apache.org/jira/browse/CAMEL-23760
> Project: Camel
> Issue Type: Improvement
> Components: camel-oauth
> Reporter: Andrea Cosentino
> Assignee: Andrea Cosentino
> Priority: Major
> Fix For: 4.14.8, 4.18.3, 4.21.0
>
>
> UserProfile token verification did not require a JWK set: when the configured
> JWK set was missing or empty, the JWS signature check was skipped. This
> change makes the signature check mandatory - when no JWK set is available to
> verify a token, the token is rejected rather than accepted. Deployments with
> a correctly resolved JWK set are unaffected; this aligns the legacy
> UserProfile path with the JwtTokenValidator SPI path, which already fails
> closed on this condition.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
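
The fail-open versus fail-closed behaviour described in the issue, as an added Java sketch that is not camel-oauth's code. The class and method names and the List<PublicKey> stand-in for a resolved JWK set are assumptions, RS256 is pinned rather than read from the token header, and the key and tokens are constructed in main.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;

// Added illustration, not camel-oauth code; class and method names are hypothetical.
public class FailClosedJwsCheck {
    static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    // Behaviour before the change: no usable keys means the check is skipped.
    static boolean verifyFailOpen(String jws, List<PublicKey> jwkSet) throws GeneralSecurityException {
        if (jwkSet == null || jwkSet.isEmpty()) return true; // token accepted unverified
        return verifyFailClosed(jws, jwkSet);
    }

    // Behaviour after the change: no usable keys means the token is rejected.
    static boolean verifyFailClosed(String jws, List<PublicKey> jwkSet) throws GeneralSecurityException {
        if (jwkSet == null || jwkSet.isEmpty()) return false;
        String[] parts = jws.split("\\.", -1);
        if (parts.length != 3) return false; // not a compact JWS
        byte[] signed = (parts[0] + "." + parts[1]).getBytes(StandardCharsets.US_ASCII);
        byte[] sig;
        try { sig = Base64.getUrlDecoder().decode(parts[2]); }
        catch (IllegalArgumentException e) { return false; } // signature segment is not base64url
        for (PublicKey key : jwkSet) { // simplification: try each key, no "kid" matching
            Signature v = Signature.getInstance("SHA256withRSA"); // RS256 pinned, header alg ignored
            v.initVerify(key);
            v.update(signed);
            try { if (v.verify(sig)) return true; }
            catch (SignatureException e) { /* malformed signature: treat as not verified */ }
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair(); // constructed key, stands in for the issuer's JWK
        String input = ENC.encodeToString("{\"alg\":\"RS256\"}".getBytes(StandardCharsets.UTF_8)) + "."
                + ENC.encodeToString("{\"sub\":\"constructed-user\"}".getBytes(StandardCharsets.UTF_8));
        String forged = input + "." + ENC.encodeToString(new byte[256]); // constructed, invalid signature
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(kp.getPrivate());
        s.update(input.getBytes(StandardCharsets.US_ASCII));
        String genuine = input + "." + ENC.encodeToString(s.sign());
        System.out.println("fail-open,   empty set, forged:  " + verifyFailOpen(forged, List.of()));
        System.out.println("fail-closed, empty set, forged:  " + verifyFailClosed(forged, List.of()));
        System.out.println("fail-closed, key set,   forged:  " + verifyFailClosed(forged, List.of(kp.getPublic())));
        System.out.println("fail-closed, key set,   genuine: " + verifyFailClosed(genuine, List.of(kp.getPublic())));
    }
}
```

Only the first call accepts the forged token, which is the condition the issue removes. With a resolved key set both methods behave identically, matching the statement that such deployments are unaffected.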