smallrye-jwt-3.3.0 is planned for tomorrow.
https://github.com/smallrye/smallrye-jwt/compare/495e2b8...77676d9
Most
of those updates are again the dependency updates, with 2 important fixes included:
- one is coming indirectly via an update to jose4j 0.7.9 (which will allow to re-enable a token encryption test in Quarkus which uses `A256KW` key encryption algorithm - for Java17)
- another one is to do with updating the token generation code to use the documented default key encryption algorithm which is now `RSA-OAEP` - at the moment `RSA-OAEP-256` which causes the confusion every time the smallrye-jwt server fails to decrypt a token - it happened for the 2nd time last week, took me awhile to realize it is because `RSA-OAEP` is expected by default.
I'm planning to do a 3.3.0 release as opposed to 3.2.2 as even though the last fix is technically a bug fix, one can at least imagine that a non-MP JWT server is expecting `RSA-OAEP-256` by default so this fix would affect it and require a config update - but don't think it is worth doing a 4.0.0 release
thanks, Sergey
Thanks, Sergey