I found an issue in RemoteJwkSigningKeyResolver updateKeys() method. I was debugging okta libraries to check why i was getting following exception: java.lang.IllegalArgumentException: A signing key must be specified if the specified JWT is digitally signed.
In the mentioned method I can see that the list contains the key and theoretically it should be added to a map (Map<String, Key> newKeys). Because it’s in a jar and it is stream i copied it to my own java class in Intellij with java8 and instantly it showed the issues with ‘collect’ (.collect(Collectors.toMap(Map.Entry::getKey, Map.Entry::getValue)) : Bad return type in method reference : cannot convert to java.lang.Object to java.security.Key. Anyone has any suggestions how to make that work or is it a bug? Thanks in advance!
Is the main issue here the lack of the signing key to be able to verify JWTs locally?
Definitely not, the key is there (i confirmed during debugging) and it should go successfully through all ‘if’ statements. The reason it doesn’t is because collection to map returns generic map with Object as class types and a map variable on the left side of = statement is Map<String, Key>. Exception wouldn’t be thrown but the result of this stream operation would be simply null. Then the presence of a key is checked and fails. For me it looks like a bug.
Thank you for letting me know. Would it be possible to open an issue here in order to have this reviewed by the team responsible of the package?
Will do! Fixed that locally now! Will post a solution.
Actually i missed (Map) cast and that’s why i saw ‘Bad return type in method reference’ error. I fixed that and i could see filters were finally working but not map and collect. When collecting list into map it’s better to do computation inside Collectors.toMap(), otherwise mapped stream is not going to work correctly. I added code snippet with my fix into a ticket.
Thanks a lot!