Oliver Wulff created CXF-8645:
---------------------------------
Summary: Fix default authentication scheme for JWT authentication
filter
Key: CXF-8645
URL: https://issues.apache.org/jira/browse/CXF-8645
Project: CXF
Issue Type: Bug
Components: JAX-RS Security
Affects Versions: 3.4.5, 3.5.1, 4.0.0
Reporter: Oliver Wulff
Assignee: Colm O hEigeartaigh
Fix For: 4.0.0
The default authentication scheme is as per spec "Bearer". This is described in
[RFC 6750|https://datatracker.ietf.org/doc/html/rfc6750] and the [OAS
spec|[https://swagger.io/docs/specification/authentication/bearer-authentication/].]
For backwards compatibility you can fix this by setting the property
"expectedAuthScheme" of JwtAuthenticationFilter to "Bearer".
In the next major version the default should be updated and mentioned in the
migration guide.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
