@@ -25,7 +25,6 @@ import java.util.concurrent.TimeUnit
2525fun Application.authenticationModule () {
2626 val logger = LoggerFactory .getLogger(" AuthenticationModule" )
2727 val issuer = AuthenticationConfig .issuer
28- val jwtSecret = AuthenticationConfig .jwtSecret
2928 val zgwClientSecrets = AuthenticationConfig .zgwClientSecrets
3029
3130 install(Authentication ) {
@@ -35,28 +34,16 @@ fun Application.authenticationModule() {
3534 header?.let { parseAuthorizationHeader(it) }
3635 }
3736
38- if (jwtSecret != null ) {
39- // HS256 verification using a shared secret (e.g. local dev or symmetric key setup).
40- logger.info(" [JWT] Using HS256 secret verification for auth-jwt" )
41- verifier(
42- JWT .require(Algorithm .HMAC256 (jwtSecret))
43- .withIssuer(issuer)
44- .acceptLeeway(3 )
45- .build(),
46- )
47- } else {
48- // Configure JWK provider to fetch signing keys from Keycloak.
49- // Only used when OIDC_JWT_SECRET is not set.
50- val jwkProvider = JwkProviderBuilder (URI (" $issuer /protocol/openid-connect/certs" ).toURL())
51- .cached(10 , 24 , TimeUnit .HOURS )
52- .rateLimited(10 , 1 , TimeUnit .MINUTES )
53- .build()
37+ // Configure JWK provider to fetch signing keys from Keycloak.
38+ val jwkProvider = JwkProviderBuilder (URI (" $issuer /protocol/openid-connect/certs" ).toURL())
39+ .cached(10 , 24 , TimeUnit .HOURS )
40+ .rateLimited(10 , 1 , TimeUnit .MINUTES )
41+ .build()
5442
55- // RS256 verification via Keycloak's JWK endpoint (production default).
56- logger.info(" [JWT] Using JWK/RS256 verification for auth-jwt (issuer={})" , issuer)
57- verifier(jwkProvider, issuer) {
58- acceptLeeway(3 )
59- }
43+ // RS256 verification via Keycloak's JWK endpoint (production default).
44+ logger.info(" [JWT] Using JWK/RS256 verification for auth-jwt (issuer={})" , issuer)
45+ verifier(jwkProvider, issuer) {
46+ acceptLeeway(3 )
6047 }
6148
6249 validate { credential ->
0 commit comments