You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@cxf.apache.org by "Oliver Wulff (Jira)" <ji...@apache.org> on 2022/01/26 16:15:00 UTC

[jira] [Updated] (CXF-8645) Fix default authentication scheme for JWT authentication filter

     [ https://issues.apache.org/jira/browse/CXF-8645?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Oliver Wulff updated CXF-8645:
------------------------------
    Description: 
The default authentication scheme is as per spec "Bearer". This is described in [RFC 6750|https://datatracker.ietf.org/doc/html/rfc6750]  and the [OAS spec|https://swagger.io/docs/specification/authentication/bearer-authentication/]

 

For backwards compatibility you can fix this by setting the property "expectedAuthScheme" of JwtAuthenticationFilter to "Bearer".

In the next major version the default should be updated and mentioned in the migration guide.

  was:
The default authentication scheme is as per spec "Bearer". This is described in [RFC 6750|https://datatracker.ietf.org/doc/html/rfc6750]  and the [OAS spec|[https://swagger.io/docs/specification/authentication/bearer-authentication/].]

 

For backwards compatibility you can fix this by setting the property "expectedAuthScheme" of JwtAuthenticationFilter to "Bearer".

In the next major version the default should be updated and mentioned in the migration guide.


> Fix default authentication scheme for JWT authentication filter
> ---------------------------------------------------------------
>
>                 Key: CXF-8645
>                 URL: https://issues.apache.org/jira/browse/CXF-8645
>             Project: CXF
>          Issue Type: Bug
>          Components: JAX-RS Security
>    Affects Versions: 3.4.5, 3.5.1, 4.0.0
>            Reporter: Oliver Wulff
>            Assignee: Colm O hEigeartaigh
>            Priority: Minor
>             Fix For: 4.0.0
>
>
> The default authentication scheme is as per spec "Bearer". This is described in [RFC 6750|https://datatracker.ietf.org/doc/html/rfc6750]  and the [OAS spec|https://swagger.io/docs/specification/authentication/bearer-authentication/]
>  
> For backwards compatibility you can fix this by setting the property "expectedAuthScheme" of JwtAuthenticationFilter to "Bearer".
> In the next major version the default should be updated and mentioned in the migration guide.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)