oscerd opened a new pull request, #24032: URL: https://github.com/apache/camel/pull/24032
## Description

The `camel-oauth` `UserProfile` token verification skipped the JWS signature check when the configured JWK set was missing or empty, leaving the signature unverified in that case.

This makes the signature check mandatory:

- When no JWK set is available (`null` or empty), the token is now rejected with an `OAuthException` rather than accepted.
- Deployments with a correctly resolved JWK set are unaffected.
- This aligns the legacy `UserProfile` path with the `JwtTokenValidator` SPI path, which already fails closed on this condition.

## Behaviour change

Documented in the 4.21 upgrade guide.

## Testing

Adds `UserProfileTest` with three cases: rejection on an empty JWK set, rejection on a missing JWK set, and acceptance when the signature verifies against a matching key.

_Claude Code on behalf of Andrea Cosentino._

🤖 Generated with [Claude Code](https://claude.com/claude-code)
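
The fail-open pattern and the mandatory check described above, as an added JDK-only example that is not part of the pull request or of Camel's code. The class and method names are hypothetical, a `Map` of RSA public keys stands in for the JWK set, and `SecurityException` stands in for `OAuthException`; the three fail-closed calls in `main` mirror the three test cases listed under Testing.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;

public class FailClosedJwsDemo {
    static boolean verifyFailOpen(String jws, Map<String, PublicKey> jwks) { // before
        return jwks == null || jwks.isEmpty() || signedByAny(jws, jwks); // no keys: check skipped
    }

    static void verifyFailClosed(String jws, Map<String, PublicKey> jwks) { // after
        if (jwks == null || jwks.isEmpty())
            throw new SecurityException("no JWK set available, token rejected");
        if (!signedByAny(jws, jwks)) throw new SecurityException("JWS signature did not verify");
    }

    // RS256 check of "header.payload" against every key in the (hypothetical) key set.
    static boolean signedByAny(String jws, Map<String, PublicKey> jwks) {
        String[] p = jws.split("\\.");
        if (p.length != 3) return false;
        try {
            byte[] sig = Base64.getUrlDecoder().decode(p[2]);
            for (PublicKey key : jwks.values()) {
                Signature v = Signature.getInstance("SHA256withRSA");
                v.initVerify(key);
                v.update((p[0] + "." + p[1]).getBytes(StandardCharsets.US_ASCII));
                if (v.verify(sig)) return true;
            }
        } catch (GeneralSecurityException | IllegalArgumentException e) { /* treat as unverified */ }
        return false;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair kp = g.generateKeyPair();
        // Constructed sample: base64url of {"alg":"RS256"} and {"sub":"alice"}, signed below.
        String body = "eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJhbGljZSJ9";
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(kp.getPrivate());
        s.update(body.getBytes(StandardCharsets.US_ASCII));
        String jws = body + "." + Base64.getUrlEncoder().withoutPadding().encodeToString(s.sign());
        System.out.println("fail-open with empty set accepts: " + verifyFailOpen(jws, Map.of()));
        for (Map<String, PublicKey> set : Arrays.asList(Map.<String, PublicKey>of(), null)) {
            try { verifyFailClosed(jws, set); }
            catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
        }
        verifyFailClosed(jws, Map.of("demo", kp.getPublic()));
        System.out.println("accepted with matching key");
    }
}
```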
