Closed Shikugawa closed 3 years ago
Thanks for the change. So if users are setting up an invalid static JWKS, what is the behavior difference before and after this PR? Before, I think authservice will start successfully but fail at the JWT ID token verification. How will it look after this PR?
Yes. In the previous code, if the user passed invalid JWKs then it failed to verify the token. But it is very odd behavior. We should assert to users that the JWKs are invalid.
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: incfly, Shikugawa
Signed-off-by: Shikugawa Shikugawa@gmail.com
In the previous implementation, invalid JWKs were accepted in `StaticJwksResolver`. With this PR, it will throw an exception if invalid JWKs are passed through configuration.
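
The fail-fast behaviour described above, as an added Python sketch that is not authservice's own C++ code: a statically configured JWKS is validated when the configuration is loaded, so a bad key set stops startup instead of surfacing later as token verification failures. The names `load_static_jwks`, `InvalidJwksError` and `startup_result` are hypothetical, the sample inputs are constructed, and the check is structural only (it does not parse the key material cryptographically).

```python
import json
import re

# Members each key type must carry (RFC 7518, section 6).
REQUIRED_MEMBERS = {"RSA": ("n", "e"), "EC": ("crv", "x", "y"), "oct": ("k",)}
_B64URL = re.compile(r"[A-Za-z0-9_-]+")


class InvalidJwksError(ValueError):
    """Raised while loading configuration, before any token is verified."""


def load_static_jwks(text):
    """Return the list of keys, or raise InvalidJwksError (hypothetical helper)."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        raise InvalidJwksError(f"JWKS is not valid JSON: {exc}") from exc
    keys = doc.get("keys") if isinstance(doc, dict) else None
    # An empty set can verify nothing, so this sketch rejects it as well.
    if not isinstance(keys, list) or not keys:
        raise InvalidJwksError('JWKS needs a non-empty "keys" array')
    for i, key in enumerate(keys):
        kty = key.get("kty") if isinstance(key, dict) else None
        if not isinstance(kty, str) or kty not in REQUIRED_MEMBERS:
            raise InvalidJwksError(f"keys[{i}]: missing or unsupported kty")
        for name in REQUIRED_MEMBERS[kty]:
            value = key.get(name)
            if not isinstance(value, str) or not value:
                raise InvalidJwksError(f"keys[{i}]: missing member {name!r}")
            # Key material is base64url without padding; crv is a plain name.
            if name != "crv" and (not _B64URL.fullmatch(value) or len(value) % 4 == 1):
                raise InvalidJwksError(f"keys[{i}]: {name!r} is not base64url")
    return keys


# Constructed sample inputs (shortened values, not real key material).
GOOD = '{"keys": [{"kty": "RSA", "kid": "k1", "n": "sXchDaQebHnPiGvyDOAT4saGEUet", "e": "AQAB"}]}'
BAD = '{"keys": [{"kty": "RSA", "kid": "k1", "e": "AQAB"}]}'  # "n" is missing


def startup_result(text):
    """What a service would report at startup for this configuration."""
    try:
        return f"loaded {len(load_static_jwks(text))} key(s)"
    except InvalidJwksError as exc:
        return f"refusing to start: {exc}"
```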