OAuth2 Auth provider incorrectly validating Access Tokens

[fposch]

Motivation:

PR containing code for fix in #654

[vietj]

I can't see any test for this

[vietj]

@pmlopes could you have a look ?

[fposch]

I can't see any test for this

I didn't write a test because I couldn't see any for the provider. A full maven build for the whole vertx-auth module passes locally but that's as far as I ran tests locally.

[fposch]

Test issues partially fixed, reusing the audience ArrayList from JWTOptions did unintendedly modify its content, using a copy now.

[fposch]

Now only the following two tests are failing in OAuth2Keycloak14IT

• discoverGetTokenFromFrontEndPerformAuthWithBackend
• discoverGetTokenFromFrontEndPerformAuthWithBorkendWillFail

Tests are expecting validation to fail but that isn't happening with the suggested ID-token-only validation. I don't want to tamper with existing tests too much, so your opinion on this one would be appreciated.

[fposch]

@pmlopes @vietj May I ask for an update?

My recent changes to suggested fix from #654 did resolve some of the regression but the ones are broken with new logic only validating ID-tokens. Writing a meaningful test is above my paygrade and I wouldn't dare to just remove the test cases.

Let me know what you think,

[fposch]

There hasn't been any reply, neither on the related issue nor here for months and I'm not sure how else to address this.

[fposch]

We decided to tackle this issue by this issue by managing audiences in our application in a controlled manner, so no need to fix token handling from our perspective -> closing the PR and leave it to the creator of the related issue how to deal with it.

See also #654