[jboss-jira] [JBoss JIRA] (WFLY-13164) When "corrupted" public key is supplied to server, user is not informed
[
https://issues.redhat.com/browse/WFLY-13164?page=com.atlassian.jira.plugi...
]
Darran Lofthouse commented on WFLY-13164:
-----------------------------------------
I think Critical would be a more appropriate priority rather than requesting all releases
are delayed.
We do want to fix this ASAP but we are in a state where a deployment that would not work
remains in a state where it would not work the only difference is in the error reporting.
When "corrupted" public key is supplied to server, user is
not informed
-----------------------------------------------------------------------
Key: WFLY-13164
URL: https://issues.redhat.com/browse/WFLY-13164
Project: WildFly
Issue Type: Bug
Components: MP JWT
Affects Versions: 19.0.0.Beta2, 20.0.0.Beta1
Reporter: Jan Kasik
Assignee: Darran Lofthouse
Priority: Blocker
Attachments: CorruptedKeyTest.war
When corrupted public key (a valid key cannot be extracted from the string value) is
supplied to JWT verifier, user is not informed since there is no error message in log and
clients receives 401 status code in response instead of an error code of 500.
--
This message was sent by Atlassian Jira
(v7.13.8#713008)