slloyd09 commented on issue #62876: URL: https://github.com/apache/airflow/issues/62876#issuecomment-4004965729
### Validation of PR #62883 Fix I applied the proposed changes from [PR #62883](https://github.com) to my environment, but the issue persists with a new failure mode. **Observations after applying the PR fix:** * The initial `Missing 'kid' in token header` error was resolved as the PR successfully injects the `kid` into the internal session token. * However, the session is still rejected with a signature error: `[error] JWT token is not valid: Signature verification failed [airflow.api_fastapi.auth.managers.base_auth_manager]` **Technical Summary:** Even when the `kid` header is present, there appears to be a cryptographic or structural mismatch between the token produced by the **Keycloak Provider (3.1.7)** during `login_callback` and what the **Airflow 3 Core FastAPI** validator expects. This suggests that the internal `generate_jwt` method in the provider may be using different signing defaults (claims, algorithms, or secret handling) than the core validator. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
