> On Aug 30, 2022, at 3:10 PM, David Blevins <[email protected]> wrote: > > I'm digging through the test failures in the MP JWT TCK and one of them is a > test verifying support for downloading the keys for verifying JWTs via an > http call. > > The trick is the test is deploying an application that makes an HTTP request > to itself to get the public key and expects that to work. Since we validate > the configuration before the application is started, this does not work -- > the application can't call itself to make an HTTP request because it hasn't > been deployed yet. Chicken and egg.
Alrighty, we're down to just two failures in the MP JWT 2.0 TCK and both are due to the above. As mentioned, fixing this is going to require ripping the code up a bit and backwards incompatible changes to JWTAuthConfiguration which was user-facing in TomEE 8.0. Before I do that I'm tempted to take a look at implementing the unreleased JWT 2.1 requirements & TCK tests while my head is in this space. I know there's at least one change that I'm not a fan of and there may be others. I'd prefer to get that feedback in asap before that spec goes final, if possible. Anyway, things are looking good! -David
smime.p7s
Description: S/MIME cryptographic signature
