Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix a key location comparison in case of HS256 #819

Merged
merged 1 commit into from
Aug 19, 2024

Conversation

sberyozkin
Copy link
Contributor

Fixes #817.

It is a minor follow up to #815.
In case of HS256 the code on main checks if the resolvedLocation has been assigned to the MP JWT (public) key location property and fails if it is the case. But in #815, a new smallrye.jwt.verify.secretkey property is used thus the resolved location, even though it remains assigned by default to the MP JWT location, is NONE.

So this PR adds an extra check. Unfortunately tests in testsuite/basic for #815 are not using application.properties and it was missed. Tested at quarkusio/quarkus#42629, though as suggested earlier, some good clean up of tests and also of the initial bootstrap code would have to be done at some point

@sberyozkin sberyozkin added this to the 4.6.0 milestone Aug 19, 2024
@sberyozkin sberyozkin requested a review from MikeEdgar August 19, 2024 17:43
@sberyozkin sberyozkin merged commit 0798f11 into smallrye:main Aug 19, 2024
7 checks passed
@sberyozkin sberyozkin deleted the fix_key_location_comparison branch August 19, 2024 18:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

HS256 inline support inconsistent
2 participants