smallrye / smallrye-jwt

HS256 inline support inconsistent #817

Closed jfslin closed 3 months ago

jfslin commented 3 months ago

Following up to https://github.com/quarkusio/quarkus/discussions/42550 and https://github.com/smallrye/smallrye-jwt/issues/814 . Consolidating all the test cases here:

Defining the variables...

{
  "kty": "oct",
  "kid": "Sb6ml8Bc7sTDQw/",
  "k": "cDEzUGZEZEMzam1KUHBNMFFUNWR6L3pwdHRSRWJJelJ1ZE56MzRJbEhEZUtrVy9LZjJkVGhibVJaUVhQU3IveDdYU3BvN2FjSmNxbmdhbmFRejdSQTFnPT0=",
  "alg": "HS256"
}

Now for the 2 successful use cases, which come from using the JWKs as files in either JSON or BASE64URL format:

smallrye.jwt.verify.key-format = JWK
smallrye.jwt.verify.key.location = secretKey.jwk
smallrye.jwt.verify.algorithm = HS256

and

smallrye.jwt.verify.key-format = JWK_BASE64URL
smallrye.jwt.verify.key.location = secretKey_url.jwk
smallrye.jwt.verify.algorithm = HS256

Unsuccessful cases include different ways of using the symmetric key inline:

smallrye.jwt.verify.key-format = JWK_BASE64URL
mp.jwt.verify.publickey = ew0KICAia3R5IjogIm9jdCIsDQogICJraWQiOiAiU2I2bWw4QmM3c1REUXcvIiwNCiAgImsiOiAiY0RFelVHWkVaRU16YW0xS1VIQk5NRkZVTldSNkwzcHdkSFJTUldKSmVsSjFaRTU2TXpSSmJFaEVaVXRyVnk5TFpqSmtWR2hpYlZKYVVWaFFVM0l2ZURkWVUzQnZOMkZqU21OeGJtZGhibUZSZWpkU1FURm5QVDA9IiwNCiAgImFsZyI6ICJIUzI1NiINCn0
smallrye.jwt.verify.algorithm = HS256

leading to an error id: e4239d1a-0464-436e-b22b-e8c82e11e432-5: jakarta.enterprise.inject.spi.DeploymentException: SRJWT02000: HMAC verification algorithms are not supported when the 'mp.jwt.verify.publickey.location' property is set, use 'smallrye.jwt.verify.key.location' instead error, which is odd because I don't have smallrye.jwt.verify.key.location set in this case.


The following cases all lead to the same error. If I use the BASE64 JWT:

mp.jwt.verify.algorithm=HS256
mp.jwt.verify.publickey = ew0KICAia3R5IjogIm9jdCIsDQogICJraWQiOiAiU2I2bWw4QmM3c1REUXcvIiwNCiAgImsiOiAiY0RFelVHWkVaRU16YW0xS1VIQk5NRkZVTldSNkwzcHdkSFJTUldKSmVsSjFaRTU2TXpSSmJFaEVaVXRyVnk5TFpqSmtWR2hpYlZKYVVWaFFVM0l2ZURkWVUzQnZOMkZqU21OeGJtZGhibUZSZWpkU1FURm5QVDA9IiwNCiAgImFsZyI6ICJIUzI1NiINCn0

Or using k:

mp.jwt.verify.algorithm=HS256
mp.jwt.verify.publickey = cDEzUGZEZEMzam1KUHBNMFFUNWR6L3pwdHRSRWJJelJ1ZE56MzRJbEhEZUtrVy9LZjJkVGhibVJaUVhQU3IveDdYU3BvN2FjSmNxbmdhbmFRejdSQTFnPT0=

Or using the JWT file

mp.jwt.verify.algorithm = HS256
mp.jwt.verify.publickey.location = secretKey.jwk

Or using the BASE file

mp.jwt.verify.algorithm = HS256
mp.jwt.verify.publickey.location = secretKey_url.jwk

all lead to an Authentication failed: io.smallrye.jwt.auth.principal.ParseException: SRJWT07000: Failed to verify a token and org.jose4j.lang.UnresolvableKeyException: SRJWT07004: Failed to load a key from the key content while resolving error.


As a sidenote, I pulled 64becff to test https://github.com/smallrye/smallrye-jwt/issues/814 and tried to build it locally, but wasn't able to build it. I get this error during mvn clean install -X:

[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for SmallRye: MicroProfile JWT Parent 4.5.4-SNAPSHOT:
[INFO]
[INFO] SmallRye: MicroProfile JWT Parent .................. SUCCESS [  1.493 s]
[INFO] SmallRye: MicroProfile JWT - Implementation Parent . SUCCESS [  3.527 s]
[INFO] SmallRye: MicroProfile JWT Implementation Common ... SUCCESS [  6.639 s]
[INFO] SmallRye: MicroProfile JWT Build Implementation .... SUCCESS [  8.044 s]
[INFO] SmallRye: MicroProfile JWT Implementation .......... SUCCESS [ 17.910 s]
[INFO] SmallRye: MicroProfile JWT JAX-RS Implementation ... SUCCESS [  3.501 s]
[INFO] SmallRye: MicroProfile JWT HTTP Mechanism Implementation SUCCESS [  3.238 s]
[INFO] SmallRye: MicroProfile JWT CDI Extension Implementation SUCCESS [  2.938 s]
[INFO] SmallRye: MicroProfile JWT - Testsuite Parent ...... SUCCESS [  0.034 s]
[INFO] SmallRye: MicroProfile JWT Basic Testsuite ......... SUCCESS [  5.496 s]
[INFO] SmallRye: MicroProfile JWT TCK ..................... FAILURE [  4.378 s]
[INFO] Empty Release Project to Avoid Maven Bug ........... SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------

[ERROR] Please refer to C:\github\smallrye-jwt\testsuite\tck\target\surefire-reports for the individual test results.
[ERROR] Please refer to dump files (if any exist) [date].dump, [date]-jvmRun[N].dump and [date].dumpstream.
[ERROR] There was an error in the forked process
[ERROR] Suite file C:\github\smallrye-jwt\testsuite\tck\target\tck-suite\suites\tck-base-suite.xml is not a valid file
[ERROR] org.apache.maven.surefire.api.testset.TestSetFailedException: Suite file C:\github\smallrye-jwt\testsuite\tck\target\tck-suite\suites\tck-base-suite.xml is not a valid file
[ERROR]         at org.apache.maven.surefire.testng.TestNGXmlTestSuite.locateTestSets(TestNGXmlTestSuite.java:89)
[ERROR]         at org.apache.maven.surefire.testng.TestNGProvider.invoke(TestNGProvider.java:112)
[ERROR]         at org.apache.maven.surefire.booter.ForkedBooter.runSuitesInProcess(ForkedBooter.java:385)
[ERROR]         at org.apache.maven.surefire.booter.ForkedBooter.execute(ForkedBooter.java:162)
[ERROR]         at org.apache.maven.surefire.booter.ForkedBooter.run(ForkedBooter.java:507)
[ERROR]         at org.apache.maven.surefire.booter.ForkedBooter.main(ForkedBooter.java:495)

Trying to use this file: https://github.com/eclipse/microprofile-jwt-auth/blob/main/tck/src/test/resources/suites/tck-base-suite.xml and saving it at a few different locations under testsuites\tck-suite\suites\ doesn't seem to yield anything helpful.

sberyozkin commented 3 months ago

@jfslin You need to use Maven 3.9.2 at the moment as something got broken in Maven 3.9.3+ and this jar is part of the MP JWT release, it will require a new release of the spec to get around it somehow.

So, can you build the latest source with Maven 3.9.2, and do

smallrye.jwt.verify.secretkey = ew0KICAia3R5IjogIm9jdCIsDQogICJraWQiOiAiU2I2bWw4QmM3c1REUXcvIiwNCiAgImsiOiAiY0RFelVHWkVaRU16YW0xS1VIQk5NRkZVTldSNkwzcHdkSFJTUldKSmVsSjFaRTU2TXpSSmJFaEVaVXRyVnk5TFpqSmtWR2hpYlZKYVVWaFFVM0l2ZURkWVUzQnZOMkZqU21OeGJtZGhibUZSZWpkU1FURm5QVDA9IiwNCiAgImFsZyI6ICJIUzI1NiINCn0
smallrye.jwt.verify.algorithm = HS256

?

sberyozkin commented 3 months ago

@jfslin The only other inline option for the secret key is:

smallrye.jwt.verify.secretkey =  {jwk json}
smallrye.jwt.verify.algorithm = HS256

But I've no idea how to correctly set JSON in application.properties.

So, let's just focus on one of these 2 cases.

The tests I added yesterday confirm it must work.
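
An added example, not part of the thread or of smallrye-jwt's own code: how the single-line Base64URL value for `smallrye.jwt.verify.secretkey` discussed above can be derived from a JWK and checked against an HS256 token, using only the JDK. The class name, demo key and token claims are constructed for illustration, and the regex stands in for a real JSON parser.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class InlineSecretKeyDemo {
    static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    static final Base64.Decoder DEC = Base64.getUrlDecoder();

    // HS256 is HMAC-SHA256 over "<header>.<payload>" of the compact token.
    static byte[] hs256(byte[] key, String signingInput) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(signingInput.getBytes(StandardCharsets.US_ASCII));
    }

    // JWK JSON -> unpadded Base64URL, i.e. a value that fits on one properties line.
    static String toInlineValue(String jwkJson) {
        return ENC.encodeToString(jwkJson.getBytes(StandardCharsets.UTF_8));
    }

    // Reverse the encoding and decode the "k" member into raw key bytes.
    static byte[] keyFromInlineValue(String inline) {
        String json = new String(DEC.decode(inline), StandardCharsets.UTF_8);
        Matcher m = Pattern.compile("\"k\"\\s*:\\s*\"([^\"]+)\"").matcher(json);
        if (!m.find()) {
            throw new IllegalArgumentException("JWK has no \"k\" member");
        }
        return DEC.decode(m.group(1));
    }

    static boolean verify(String jws, byte[] key) throws Exception {
        String[] parts = jws.split("\\.");
        if (parts.length != 3) {
            return false;
        }
        byte[] expected = hs256(key, parts[0] + "." + parts[1]);
        return MessageDigest.isEqual(expected, DEC.decode(parts[2])); // constant-time compare
    }

    public static void main(String[] args) throws Exception {
        // Constructed 32-byte demo key, not a key from the thread.
        byte[] raw = "constructed-demo-key-32-bytes!!!".getBytes(StandardCharsets.US_ASCII);
        String jwk = "{\"kty\":\"oct\",\"alg\":\"HS256\",\"k\":\"" + ENC.encodeToString(raw) + "\"}";
        String inline = toInlineValue(jwk);
        System.out.println("smallrye.jwt.verify.secretkey = " + inline);
        System.out.println("smallrye.jwt.verify.algorithm = HS256");

        // Sign a constructed token with the raw key, then verify it with the key
        // recovered from the inline value to confirm the round trip.
        String header = ENC.encodeToString("{\"alg\":\"HS256\",\"typ\":\"JWT\"}".getBytes(StandardCharsets.UTF_8));
        String claims = "{\"iss\":\"https://server.example.com\",\"upn\":\"Alice\"}";
        String payload = ENC.encodeToString(claims.getBytes(StandardCharsets.UTF_8));
        String jws = header + "." + payload + "." + ENC.encodeToString(hs256(raw, header + "." + payload));
        System.out.println("verifies with inline key: " + verify(jws, keyFromInlineValue(inline)));
        System.out.println("verifies with wrong key:  " + verify(jws, new byte[32]));
    }
}
```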

jfslin commented 3 months ago

@sberyozkin I have switched to Maven 3.9.2 but seem to not be able to generate the proper files. It now builds properly but it does not produce a jar file at either C:\github\smallrye-jwt\testsuite\tck\target or C:\github\smallrye-jwt\release\target or C:\Users\user\.m2\repository\io\smallrye\smallrye-jwt-release\4.5.4-SNAPSHOT. Is there another setting I need to clear to avoid "Building Empty Release Project to Avoid Maven Bug 4.5.4-SNAPSHOT" or "JAR will be empty - no content was marked for inclusion!"?

[INFO] --- jar:3.4.2:jar (default-jar) @ smallrye-jwt-tck ---
[WARNING] JAR will be empty - no content was marked for inclusion!
[INFO] Building jar: C:\github\smallrye-jwt\testsuite\tck\target\smallrye-jwt-tck-4.5.4-SNAPSHOT.jar
[INFO]
[INFO] --- source:3.3.1:jar-no-fork (attach-sources) @ smallrye-jwt-tck ---
[INFO] No sources in project. Archive not created.
[INFO]
[INFO] --- install:3.1.2:install (default-install) @ smallrye-jwt-tck ---
[INFO] Skipping artifact installation
[INFO]
[INFO] ------------------< io.smallrye:smallrye-jwt-release >------------------
[INFO] Building Empty Release Project to Avoid Maven Bug 4.5.4-SNAPSHOT [12/12]
[INFO]   from release\pom.xml
[INFO] --------------------------------[ pom ]---------------------------------
[INFO]
[INFO] --- clean:3.4.0:clean (default-clean) @ smallrye-jwt-release ---
[INFO] Deleting C:\github\smallrye-jwt\release\target
[INFO]
[INFO] --- buildnumber:3.2.0:create (get-scm-revision) @ smallrye-jwt-release ---
[INFO]
[INFO] --- formatter:2.22.0:format (format-sources) @ smallrye-jwt-release ---
[INFO]
[INFO] --- impsort:1.9.0:sort (sort-imports) @ smallrye-jwt-release ---
[INFO] Processed 0 files in 00:00.000 (Already Sorted: 0, Needed Sorting: 0)
[INFO]
[INFO] --- compiler:3.13.0:compile (default-compile) @ smallrye-jwt-release ---
[INFO] No sources to compile
[INFO]
[INFO] --- source:3.3.1:jar-no-fork (attach-sources) @ smallrye-jwt-release ---
[INFO]
[INFO] --- install:3.1.2:install (default-install) @ smallrye-jwt-release ---
[INFO] Installing C:\github\smallrye-jwt\release\pom.xml to C:\Users\user\.m2\repository\io\smallrye\smallrye-jwt-release\4.5.4-SNAPSHOT\smallrye-jwt-release-4.5.4-SNAPSHOT.pom
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for SmallRye: MicroProfile JWT Parent 4.5.4-SNAPSHOT:
[INFO]
[INFO] SmallRye: MicroProfile JWT Parent .................. SUCCESS [  7.560 s]
[INFO] SmallRye: MicroProfile JWT - Implementation Parent . SUCCESS [  1.178 s]
[INFO] SmallRye: MicroProfile JWT Implementation Common ... SUCCESS [  5.798 s]
[INFO] SmallRye: MicroProfile JWT Build Implementation .... SUCCESS [  7.111 s]
[INFO] SmallRye: MicroProfile JWT Implementation .......... SUCCESS [ 17.102 s]
[INFO] SmallRye: MicroProfile JWT JAX-RS Implementation ... SUCCESS [  1.600 s]
[INFO] SmallRye: MicroProfile JWT HTTP Mechanism Implementation SUCCESS [  0.912 s]
[INFO] SmallRye: MicroProfile JWT CDI Extension Implementation SUCCESS [  0.456 s]
[INFO] SmallRye: MicroProfile JWT - Testsuite Parent ...... SUCCESS [  0.015 s]
[INFO] SmallRye: MicroProfile JWT Basic Testsuite ......... SUCCESS [  8.454 s]
[INFO] SmallRye: MicroProfile JWT TCK ..................... SUCCESS [01:01 min]
[INFO] Empty Release Project to Avoid Maven Bug ........... SUCCESS [  0.047 s]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  01:52 min
[INFO] Finished at: 2024-08-18T14:02:20-04:00
[INFO] ------------------------------------------------------------------------

I agree with you, I think the smallrye.jwt.verify.secretkey = BASE64URL makes more sense than having to parse JSON in the application.property, and think this is a good way to go. Especially since most people using this argument would need to do the BASE64URL conversion for other parts of the JSON object anyway.

sberyozkin commented 3 months ago

@jfslin Now that you have built it, use 4.5.4-SNAPSHOT smallrye jwt dependency...

sberyozkin commented 3 months ago

@jfslin I've done a quick test with your k and both raw JSON and Base64 encoded one work:

diff --git a/testsuite/basic/src/test/java/io/smallrye/jwt/auth/principal/KeyLocationResolverTest.java b/testsuite/basic/src/test/java/io/smallrye/jwt/auth/principal/KeyLocationResolverTest.java
index 23c5bfe..728af04 100644
--- a/testsuite/basic/src/test/java/io/smallrye/jwt/auth/principal/KeyLocationResolverTest.java
+++ b/testsuite/basic/src/test/java/io/smallrye/jwt/auth/principal/KeyLocationResolverTest.java
@@ -199,7 +199,7 @@ class KeyLocationResolverTest {
         JWTAuthContextInfoProvider provider = JWTAuthContextInfoProvider
                 .create("{\n"
                         + " \"kty\":\"oct\",\n"
-                        + " \"k\":\"Fdh9u8rINxfivbrianbbVT1u232VQBZYKx1HGAGPt2I\"\n"
+                        + " \"k\":\"cDEzUGZEZEMzam1KUHBNMFFUNWR6L3pwdHRSRWJJelJ1ZE56MzRJbEhEZUtrVy9LZjJkVGhibVJaUVhQU3IveDdYU3BvN2FjSmNxbmdhbmFRejdSQTFnPT0=\"\n"
                         + " }",
                         null,
                         true,
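Review bot: the replacement `k` on the changed line ends in `=` padding, while RFC 7518 defines `k` for `oct` keys as Base64URL without padding, so this test now passes only as long as the decoder tolerates padded input. Overwriting the original unpadded value also drops the spec-conformant case; suggest keeping the original key as the baseline and adding the padded value as a separate test so both behaviours are pinned.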
@@ -217,7 +217,7 @@ class KeyLocationResolverTest {
         String jwtString = Jwt.issuer("https://server.example.com").upn("Alice").sign("secretKey.jwk");
         byte[] bytes = ("{\n"
                 + " \"kty\":\"oct\",\n"
-                + " \"k\":\"Fdh9u8rINxfivbrianbbVT1u232VQBZYKx1HGAGPt2I\"\n"
+                + " \"k\":\"cDEzUGZEZEMzam1KUHBNMFFUNWR6L3pwdHRSRWJJelJ1ZE56MzRJbEhEZUtrVy9LZjJkVGhibVJaUVhQU3IveDdYU3BvN2FjSmNxbmdhbmFRejdSQTFnPT0=\"\n"
                 + " }").getBytes(StandardCharsets.UTF_8);
         JWTAuthContextInfoProvider provider = JWTAuthContextInfoProvider
                 .create(Base64.getUrlEncoder().withoutPadding().encodeToString(bytes),
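Review bot: the token in the context line is signed with `sign("secretKey.jwk")` while verification uses the JSON literal built just below it, so the test only passes while the literal `k` and the resource file are edited in lockstep. Suggest reading the resource file's content into `bytes` (or sharing one constant) so the two copies of the key cannot drift apart.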
diff --git a/testsuite/basic/src/test/resources/secretKey.jwk b/testsuite/basic/src/test/resources/secretKey.jwk
index 96c6aa4..b9a8909 100644
--- a/testsuite/basic/src/test/resources/secretKey.jwk
+++ b/testsuite/basic/src/test/resources/secretKey.jwk
@@ -1,4 +1,4 @@
 {
  "kty":"oct",
- "k":"Fdh9u8rINxfivbrianbbVT1u232VQBZYKx1HGAGPt2I"
- }
\ No newline at end of file
+ "k":"cDEzUGZEZEMzam1KUHBNMFFUNWR6L3pwdHRSRWJJelJ1ZE56MzRJbEhEZUtrVy9LZjJkVGhibVJaUVhQU3IveDdYU3BvN2FjSmNxbmdhbmFRejdSQTFnPT0="
+ }
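Review bot: this fixture still contains only `kty` and `k`, whereas the JWK in the report also carries `kid` and `alg`, so the changed file does not reproduce the reporter's input exactly. Since `secretKey.jwk` is also the signing key used elsewhere in this test class, suggest leaving it unchanged and adding a separate fixture holding the full reported JWK for this case.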

So let me close this issue. I'll need to fix a couple of other issues and then I'll release 4.5.4, hopefully this week

jfslin commented 3 months ago

@sberyozkin sorry for the very novice questions, but I've gotten it included now.

A quick followup. Using

smallrye.jwt.verify.secretkey = ew0KICAia3R5IjogIm9jdCIsDQogICJraWQiOiAiU2I2bWw4QmM3c1REUXcvIiwNCiAgImsiOiAiY0RFelVHWkVaRU16YW0xS1VIQk5NRkZVTldSNkwzcHdkSFJTUldKSmVsSjFaRTU2TXpSSmJFaEVaVXRyVnk5TFpqSmtWR2hpYlZKYVVWaFFVM0l2ZURkWVUzQnZOMkZqU21OeGJtZGhibUZSZWpkU1FURm5QVDA9IiwNCiAgImFsZyI6ICJIUzI1NiINCn0
smallrye.jwt.verify.algorithm = HS256

I still get stuck at

d953-f812-49c2-b503-5bc5d2f290a8-5: jakarta.enterprise.inject.spi.DeploymentException: SRJWT02000: HMAC verification algorithms are not supported when the 'mp.jwt.verify.publickey.location' property is set, use 'smallrye.jwt.verify.key.location' instead

I am not sure if I should be doing this, but bypassing the mpJwtPublicKeyAlgorithm.isPresent() check in JWTAuthContextInfoProvider:842 with the following

smallrye.jwt.verify.secretkey = ew0KICAia3R5IjogIm9jdCIsDQogICJraWQiOiAiU2I2bWw4QmM3c1REUXcvIiwNCiAgImsiOiAiY0RFelVHWkVaRU16YW0xS1VIQk5NRkZVTldSNkwzcHdkSFJTUldKSmVsSjFaRTU2TXpSSmJFaEVaVXRyVnk5TFpqSmtWR2hpYlZKYVVWaFFVM0l2ZURkWVUzQnZOMkZqU21OeGJtZGhibUZSZWpkU1FURm5QVDA9IiwNCiAgImFsZyI6ICJIUzI1NiINCn0
smallrye.jwt.verify.algorithm = HS256
mp.jwt.verify.publickey.algorithm = HS256

now works. I'm good to go now. Thank you so much.

I'll keep an eye out for the official 4.5.4 release.

sberyozkin commented 3 months ago

@jfslin Np at all

smallrye.jwt.verify.secretkey = ew0KICAia3R5IjogIm9jdCIsDQogICJraWQiOiAiU2I2bWw4QmM3c1REUXcvIiwNCiAgImsiOiAiY0RFelVHWkVaRU16YW0xS1VIQk5NRkZVTldSNkwzcHdkSFJTUldKSmVsSjFaRTU2TXpSSmJFaEVaVXRyVnk5TFpqSmtWR2hpYlZKYVVWaFFVM0l2ZURkWVUzQnZOMkZqU21OeGJtZGhibUZSZWpkU1FURm5QVDA9IiwNCiAgImFsZyI6ICJIUzI1NiINCn0
smallrye.jwt.verify.algorithm = HS256
mp.jwt.verify.publickey.algorithm = HS256

mp.jwt.verify.publickey.algorithm = HS256 must not be required, I'll have a quick look a bit later, but we definitely don't want users to use a property for referring to the public key algorithms to set a symmetric one

sberyozkin commented 3 months ago

@jfslin FYI, #819, thanks for early testing...