JWT-Auth implementation encrypted token recognition fixed (#4811)

Signed-off-by: David Kral <[email protected]>
helidon-io · Aug 31, 2022 · e21d85f · e21d85f
1 parent 5091b0c
commit e21d85f
Show file tree

Hide file tree

Showing 2 changed files with 1 addition and 7 deletions.
diff --git a/microprofile/jwt-auth/src/main/java/io/helidon/microprofile/jwt/auth/JwtAuthProvider.java b/microprofile/jwt-auth/src/main/java/io/helidon/microprofile/jwt/auth/JwtAuthProvider.java
@@ -247,7 +247,7 @@ AuthenticationResponse authenticate(ProviderRequest providerRequest, LoginConfig
                     SignedJwt signedJwt;
                     try {
                         headers = JwtHeaders.parseToken(token);
-                        if (headers.encryption().isPresent()) {
+                        if (headers.encryption().isPresent() || decryptionKeys.get() != null) {
                             EncryptedJwt encryptedJwt = EncryptedJwt.parseToken(headers, token);
                             if (!headers.contentType().map("JWT"::equals).orElse(false)) {
                                 throw new JwtException("Header \"cty\" (content type) must be set to \"JWT\" "

diff --git a/microprofile/tests/tck/tck-jwt-auth/tck-base-suite.xml b/microprofile/tests/tck/tck-jwt-auth/tck-base-suite.xml
@@ -58,12 +58,6 @@
                     <exclude name="testNeedsGroup1Mapping"/>
                 </methods>
             </class>
-            <!-- There is no reason why this should fail -->
-            <class name="org.eclipse.microprofile.jwt.tck.container.jaxrs.jwe.RolesAllowedSignEncryptTest">
-                <methods>
-                    <exclude name="callEchoSignToken"/>
-                </methods>
-            </class>
         </classes>
     </test>
 </suite>