smallrye-jwt 3.3.0 is planned for tomorrow 24 July

2 views
Skip to first unread message

Sergey Beryozkin

unread,
Aug 23, 2021, 10:56:31 AM8/23/21
to SmallRye
Hi,

smallrye-jwt-3.3.0 is planned for tomorrow.

All Commits:

Affected source:

https://github.com/smallrye/smallrye-jwt/compare/495e2b8...77676d9

Most of those updates are again the dependency updates, with 2 important fixes included:
- one is coming indirectly via an update to jose4j 0.7.9 (which will allow to re-enable a token encryption test in Quarkus which uses `A256KW` key encryption algorithm - for Java17)
- another one is to do with updating the token generation code to use the documented default key encryption algorithm which is now `RSA-OAEP` - at the moment `RSA-OAEP-256` which causes the confusion every time the smallrye-jwt server fails to decrypt a token - it happened for the 2nd time last week, took me awhile to realize it is because `RSA-OAEP` is expected by default.

I'm planning to do a 3.3.0 release as opposed to 3.2.2 as even though the last fix is technically a bug fix, one can at least imagine that a non-MP JWT server is expecting `RSA-OAEP-256` by default so this fix would affect it and require a config update - but don't think it is worth doing a 4.0.0 release

thanks, Sergey

Thanks, Sergey

Sergey Beryozkin

unread,
Aug 23, 2021, 11:01:15 AM8/23/21
to SmallRye

Sergey Beryozkin

unread,
Aug 25, 2021, 8:27:21 AM8/25/21
to SmallRye
It failed with Input required and not supplied: token

Roberto, when you get a chance, can you check it please - perhaps something needs to be refreshed (admin token, etc)

Thanks, Sergey

Sergey Beryozkin

unread,
Aug 30, 2021, 5:52:58 PM8/30/21
to SmallRye
I've just retried and the release is still failing with the same error (Input required and not supplied: token) - but I've also seen the latest smallrye-parent release done successfully.
Strange as I did 3.2.1 a few weeks ago without any problems...
Phillip, have you configured anything to make it work or it just worked for you ?

Thanks, Sergey

Phillip Kruger

unread,
Aug 31, 2021, 12:57:56 AM8/31/21
to smal...@googlegroups.com
I have not done anything no. 

--
You received this message because you are subscribed to the Google Groups "SmallRye" group.
To unsubscribe from this group and stop receiving emails from it, send an email to smallrye+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/smallrye/CAOtGrGJXonoCOXZK6%3D-tOaYp%3DvVuqRZo_3DatoUX1-%2BVHZ0iCg%40mail.gmail.com.

Sergey Beryozkin

unread,
Sep 9, 2021, 7:12:56 AM9/9/21
to SmallRye
I forgot the release PR can't be opened from a fork, Roberto reminded me :-)

So I'm going to go ahead with another try shortly, but 3.3.0 will also include MpJWT 1.2.2 - it ships jose 0.7.9 as its TCK dependency directly


Reply all
Reply to author
Forward
0 new messages