smolnar82 commented on code in PR #949:
URL: https://github.com/apache/knox/pull/949#discussion_r1834501261
##########
gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/AbstractJWTFilter.java:
##########
@@ -512,17 +520,22 @@ protected boolean verifyTokenSignature(final JWT token) {
// If it has not yet been verified, then perform the verification now
if (!verified) {
try {
+ boolean hasPem = false;
+ boolean hasJWKS = false;
+
if (publicKey != null) {
+ hasPem = true;
verified = authority.verifyToken(token, publicKey);
log.pemVerificationResultMessage(verified);
}
if (!verified && expectedJWKSUrls != null &&
!expectedJWKSUrls.isEmpty()) {
+ hasJWKS = true;
verified = authority.verifyToken(token, expectedJWKSUrls,
expectedSigAlg, allowedJwsTypes);
log.jwksVerificationResultMessage(verified);
}
- if(!verified) {
+ if(!verified && ((!hasPem && !hasJWKS) || isJwtInstanceKeyFallback)) {
Review Comment:
Hi @pzampino!
Yes, I'm fine with those new proposed variable names, they sound more
accurate.
Thanks for your reply!
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
