Quarkus SmallRye-JWT JSON Web Key Sets refresh-interval


I am using SmallRye JWT to generate and verify the JWT token.
With microservice A, I generate the JWT token.
With microservice B, I have to verify the JWT token.
Inside microservice B, I use the properties:

smallrye:
  jwt:
    verify:
      key:
        location: http://localhost:8084/key
    jwks:
      refresh-interval: 2
      forced-refresh-interval: 2
  token:
    kid: 123452

And microservice A has the endpoint /key that produces the JWKS:

{
  "keys": [
    {
      "kty": "RSA",
      "kid": "123452",
      "n": "i7y5smIoGrMHAQnwef7DfhSsrm-locPO_I1LkKHHVb4ol_Tfu3Me5uswb7M92H_A1Mhub4Zsugy22OqKVNnX9Z9UDpu4yG-KfPJRNNI9Rzo0fIBHzf8_g_cIdiNJJbODndxVAr4I38ZcFV6rSw",
      "e": "AQAB"
    }
  ]
}

When I run both microservices at the same time, I am able to verify the token in microservice B, but if I restart microservice A (it will generate another JWKS), microservice B is not able to verify the JWT token anymore. In the SmallRye - Quarkus documentation, I found the following properties:

smallrye.jwt.jwks.refresh-interval: JWK cache refresh interval in minutes. It will be ignored unless the mp.jwt.verify.publickey.location points to the HTTP or HTTPS URL based JWK set and no HTTP Cache-Control response header with a positive max-age parameter value is returned from a JWK set endpoint.

and

smallrye.jwt.jwks.forced-refresh-interval: Forced JWK cache refresh interval in minutes which is used to restrict the frequency of the forced refresh attempts which may happen when the token verification fails due to the cache having no JWK key with a kid property matching the current token's kid header. It will be ignored unless the mp.jwt.verify.publickey.location points to the HTTP or HTTPS URL based JWK set.

As you can see, I set up both properties to 2 minutes:

smallrye:
  jwt:
    verify:
      key:
        location: http://localhost:8084/key
    jwks:
      refresh-interval: 2
      forced-refresh-interval: 2
  token:
    kid: 123452

but it does not work.

What do I do to make it work? I would like to call the key.location (http://localhost:8084/key) again to read the new JWKS.

Thank you.
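The two documented rules, as an added Python model (not SmallRye's code) with an injected minute clock and a constructed stand-in for microservice A's /key endpoint: it shows that after A restarts under the same kid (123452), B keeps serving the cached key until refresh-interval elapses, because the forced refresh only fires for a kid that is not in the cache, whereas a new kid is fetched immediately.

```python
class JwksCache:
    """Caches the JWK set fetched from key.location, per the two quoted rules."""

    def __init__(self, fetch_jwks, refresh_interval=2, forced_refresh_interval=2):
        self.fetch_jwks = fetch_jwks                      # stands in for the HTTP GET
        self.refresh_interval = refresh_interval          # minutes
        self.forced_refresh_interval = forced_refresh_interval
        self.keys, self.last_refresh, self.last_forced, self.fetches = {}, None, None, 0

    def _refresh(self, now):
        self.keys = {k["kid"]: k for k in self.fetch_jwks()["keys"]}
        self.last_refresh, self.fetches = now, self.fetches + 1

    def key_for(self, kid, now):
        """Return the JWK matching the token's kid header at minute `now`, or None."""
        if self.last_refresh is None or now - self.last_refresh >= self.refresh_interval:
            self._refresh(now)                            # periodic refresh-interval
        if kid in self.keys:
            return self.keys[kid]                         # a kid match never refreshes
        # Forced refresh: only for an unknown kid, at most once per forced-refresh-interval.
        if self.last_forced is None or now - self.last_forced >= self.forced_refresh_interval:
            self.last_forced = now
            self._refresh(now)
        return self.keys.get(kid)


class KeyService:
    """Constructed stand-in for microservice A; restart() generates a new RSA key."""

    def __init__(self, kid):
        self.kid, self.generation = kid, 0

    def restart(self, new_kid=None):
        self.generation += 1
        self.kid = new_kid or self.kid

    def jwks(self):
        n = f"modulus-gen{self.generation}"               # placeholder for the modulus
        return {"keys": [{"kty": "RSA", "kid": self.kid, "n": n, "e": "AQAB"}]}


def key_after_restart(rotate_kid):
    """Modulus B serves one minute after A restarts, plus the JWKS fetch count."""
    a = KeyService("123452")
    b = JwksCache(a.jwks)
    b.key_for("123452", now=0)                            # first token verifies fine
    a.restart(new_kid="777" if rotate_kid else None)
    key = b.key_for(a.kid, now=1)                         # still inside refresh-interval
    return (key["n"] if key else None), b.fetches
```

With the same kid the stale generation-0 key is returned and no second fetch happens, so B would reject tokens signed by the restarted A until minute 2; giving the regenerated key a new kid makes the forced refresh pick it up at once.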
