smallrye-jwt 3.3.0 is planned for tomorrow 24 July


Sergey Beryozkin

Aug 23, 2021, 10:56:31 AM
to SmallRye
Hi,

smallrye-jwt-3.3.0 is planned for tomorrow.

All Commits:

Affected source:

https://github.com/smallrye/smallrye-jwt/compare/495e2b8...77676d9

Most of those updates are again the dependency updates, with 2 important fixes included:
- one is coming indirectly via an update to jose4j 0.7.9 (which will allow re-enabling a token encryption test in Quarkus which uses the `A256KW` key encryption algorithm - for Java 17)
- another one is to do with updating the token generation code to use the documented default key encryption algorithm, which is now `RSA-OAEP` - at the moment it is `RSA-OAEP-256`, which causes confusion every time the smallrye-jwt server fails to decrypt a token - it happened for the 2nd time last week, and it took me a while to realize it is because `RSA-OAEP` is expected by default.

I'm planning to do a 3.3.0 release as opposed to 3.2.2 as even though the last fix is technically a bug fix, one can at least imagine that a non-MP JWT server is expecting `RSA-OAEP-256` by default so this fix would affect it and require a config update - but I don't think it is worth doing a 4.0.0 release.

thanks, Sergey
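
The mismatch described in the message above (a token encrypted with `RSA-OAEP-256` while the server expects `RSA-OAEP`) can be confirmed by reading the token's JWE protected header before any decryption attempt. This is an added example, not part of the original thread or of smallrye-jwt; the function names and the sample tokens are constructed for illustration.

```python
import base64
import json


def _b64url_decode(segment: str) -> bytes:
    # JWE segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def jwe_protected_header(token: str) -> dict:
    """Return the protected header of a compact JWE without decrypting it."""
    parts = token.split(".")
    # Compact JWE: header.encrypted_key.iv.ciphertext.tag (a signed JWT has 3 parts)
    if len(parts) != 5:
        raise ValueError(f"not a compact JWE: expected 5 segments, got {len(parts)}")
    try:
        header = json.loads(_b64url_decode(parts[0]))
    except ValueError as exc:  # bad base64, bad UTF-8 or bad JSON
        raise ValueError("protected header is not base64url-encoded JSON") from exc
    if not isinstance(header, dict):
        raise ValueError("protected header is not a JSON object")
    return header


def check_key_encryption_alg(token: str, expected: str = "RSA-OAEP"):
    """Compare the token's key encryption algorithm with the one the server expects.

    Diagnostic only: the decrypting side must keep enforcing its configured
    algorithm and never select one from this not-yet-verified header.
    """
    actual = jwe_protected_header(token).get("alg")
    if actual == expected:  # exact match: "RSA-OAEP" is not "RSA-OAEP-256"
        return True, f"alg {actual} matches the expected algorithm"
    return False, f"token was encrypted with alg {actual}, server expects {expected}"


def constructed_token(alg: str) -> str:
    """Build a sample token: real header, placeholder (non-cryptographic) segments."""
    header = json.dumps({"alg": alg, "enc": "A256GCM"}).encode()
    first = base64.urlsafe_b64encode(header).rstrip(b"=").decode()
    return ".".join([first, "a2V5", "aXY", "Y3Q", "dGFn"])


if __name__ == "__main__":
    for alg in ("RSA-OAEP-256", "RSA-OAEP"):
        print(check_key_encryption_alg(constructed_token(alg)))
```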


Sergey Beryozkin

Aug 23, 2021, 11:01:15 AM
to SmallRye

Sergey Beryozkin

Aug 25, 2021, 8:27:21 AM
to SmallRye
It failed with Input required and not supplied: token

Roberto, when you get a chance, can you check it please - perhaps something needs to be refreshed (admin token, etc)

Thanks, Sergey

Sergey Beryozkin

Aug 30, 2021, 5:52:58 PM
to SmallRye
I've just retried and the release is still failing with the same error (Input required and not supplied: token) - but I've also seen the latest smallrye-parent release done successfully.
Strange as I did 3.2.1 a few weeks ago without any problems...
Phillip, have you configured anything to make it work, or did it just work for you?

Thanks, Sergey

Phillip Kruger

Aug 31, 2021, 12:57:56 AM
to smal...@googlegroups.com
I have not done anything, no.


Sergey Beryozkin

Sep 9, 2021, 7:12:56 AM
to SmallRye
I forgot the release PR can't be opened from a fork, Roberto reminded me :-)

So I'm going to go ahead with another try shortly, but 3.3.0 will also include MpJWT 1.2.2 - it ships jose 0.7.9 as its TCK dependency directly

