rusackas commented on code in PR #40869:
URL: https://github.com/apache/superset/pull/40869#discussion_r3376105413
##########
superset/mcp_service/jwt_verifier.py:
##########
@@ -447,6 +448,14 @@ async def load_access_token(self, token: str) ->
AccessToken | None: # noqa: C9
# Step 2: Get verification key (static or JWKS)
try:
verification_key = await self._get_verification_key(token)
+ except (httpx.HTTPError, OSError, TimeoutError) as e:
+ # Transient failure reaching or reading the JWKS endpoint.
+ # Treat it as an authentication failure (return None) instead
of
+ # letting the network error propagate as an unexpected
exception.
+ reason = "JWKS verification key unavailable"
+ _jwt_failure_reason.set(reason)
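Review bot: the `except (httpx.HTTPError, OSError, TimeoutError)` clause is broader than the "JWKS verification key unavailable" reason it records. The comment above the `try` says this step covers a static key as well as JWKS, so an `OSError` that has nothing to do with the network (for example a permission or missing-file error while obtaining a static key) would be reported as a JWKS outage and could send an operator looking in the wrong place. Consider either narrowing the tuple to the transport errors the JWKS fetch can raise, or making the reason generic, such as "verification key unavailable". `TimeoutError` is also already a subclass of `OSError`, so listing it separately is redundant, although harmless if kept for readability. Failing closed here is the right behaviour for an authentication path. The visible lines stop at `_jwt_failure_reason.set(reason)`, so it is worth confirming that the branch ends in an explicit `return None` and cannot fall through to a later step with `verification_key` unset.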
Review Comment:
Good catch. Fixed in 2a029caa94: WARNING now logs only the generic category
("Could not fetch JWKS verification key"), and the sanitized exception detail
(which may include the JWKS endpoint host) is moved to DEBUG, consistent with
the rest of the module's logging contract.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]