> On Nov 2, 2022, at 1:51 PM, Zoltán Tichov <zoltan.tic...@gmail.com> wrote: > > Hi! > > There is at least one new test method in TCK callEchoAgedToken() and added > a new feature > 'mp.jwt.verify.token.age'. This method failed, because it should return > with HttpURLConnection.HTTP_UNAUTHORIZED instead of > HttpURLConnection.HTTP_OK. > Am I right that this property should be checked in > org.apache.tomee.microprofile.jwt.MPJWTFilter?
That's exactly right. More than likely the jose4j library we use already supports token age -- definitely post if it doesn't cause then the problem is way harder. If it does already support something like token age, then the task becomes reading the new property and feeding that into `MPJWTFilter`. - `JWTAuthConfigurationProperties` is where we're currently reading the MP JWT properties - `JWTAuthConfiguration` is where the above class puts those properties once read (you'll need to make a new field there) Once that's done you can update `MPJWTFilter` to setup the JwtConsumerBuilder using the data in JWTAuthConfiguration if the user set it. -David
smime.p7s
Description: S/MIME cryptographic signature
