Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Confirm that expired or wrong aud JWT cause 401 even if the cert chain is valid #40883

Merged

Conversation

sberyozkin
Copy link
Member

Simple test update to confirm that if the OIDC token has a valid certificate chain but the general token verification fails (wrong audience, token is expired etc) then 401 is returned

CC @calvernaz

Copy link

quarkus-bot bot commented May 29, 2024

Status for workflow Quarkus CI

This is the status report for running Quarkus CI on commit aa9704c.

✅ The latest workflow run for the pull request has completed successfully.

It should be safe to merge provided you have a look at the other checks in the summary.

You can consult the Develocity build scans.

@sberyozkin sberyozkin merged commit 7fb79c0 into quarkusio:main May 29, 2024
20 checks passed
@quarkus-bot quarkus-bot bot added this to the 3.12 - main milestone May 29, 2024
@sberyozkin sberyozkin deleted the oidc_valid_chain_but_invalid_claims branch May 29, 2024 16:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants