janhoy opened a new pull request, #4337: URL: https://github.com/apache/solr/pull/4337
Several long-standing bugs were found in the JWT authentication plugin reference guide.

**`blockUnknown` default has been wrong since [apache/lucene-solr#805](https://github.com/apache/lucene-solr/pull/805)** (SOLR-13649). That PR changed the documented default from `false` to `true` without touching the code, which has always used `getOrDefault("blockUnknown", false)`. This fix corrects the parameter table, the intro paragraph, and the callout in the complex example. It also restores the explicit `"blockUnknown": true` in the "With JWKS URL" and "With Admin UI Support" examples that the same PR had removed, so production configurations clearly show the recommended setting.

**`aud` default** was documented as "Uses `clientId` if configured". No such fallback exists in the code — when `aud` is not set, audience validation is skipped entirely.

**`adminUiScope` fallback** was documented as falling back to the first `scope` entry. A second fallback to the hardcoded string `"solr"` exists in the code but was not mentioned.

**Clock-skew tolerance** — a 30-second `exp` tolerance is applied by the plugin but was not documented. Added a note to the `requireExp` row.

--
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
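An added example, not code from the pull request or from the Solr project: a small audit that resolves the effective JWT plugin settings from a `security.json` using the fallbacks described above and reports every value that is only implicit. The top-level `authentication` layout, the space-separated `scope` string, the function names and both sample configurations are assumptions constructed for illustration.

```python
import json

EXP_TOLERANCE_SECONDS = 30  # clock-skew tolerance on `exp` stated in the PR description

def _auth(security_json):
    # Assumption: plugin settings sit in the top-level "authentication" object.
    return json.loads(security_json).get("authentication", {})

def effective_jwt_settings(security_json):
    """Resolve the values used when keys are absent, per the PR description."""
    auth = _auth(security_json)
    scope = auth.get("scope", "")
    # Assumption: `scope` is a space-separated string; a JSON list is accepted too.
    scopes = scope.split() if isinstance(scope, str) else list(scope)
    return {
        "blockUnknown": auth.get("blockUnknown", False),   # code default is false
        "audienceValidated": "aud" in auth,                # no clientId fallback
        "adminUiScope": auth.get("adminUiScope") or (scopes[0] if scopes else "solr"),
        "expToleranceSeconds": EXP_TOLERANCE_SECONDS,
    }

def audit(security_json):
    """Return (key, message) findings for settings that rely on implicit behaviour."""
    auth, eff = _auth(security_json), effective_jwt_settings(security_json)
    findings = []
    if not eff["blockUnknown"]:
        how = "explicitly false" if "blockUnknown" in auth else "unset, so false"
        findings.append(("blockUnknown", f"blockUnknown is {how}; set it to true explicitly"))
    if not eff["audienceValidated"]:
        hint = " (clientId is not used as a fallback)" if "clientId" in auth else ""
        findings.append(("aud", "aud unset: audience validation is skipped" + hint))
    if "adminUiScope" not in auth:
        findings.append(("adminUiScope", f"adminUiScope falls back to {eff['adminUiScope']!r}"))
    return findings

# Constructed sample: relies on the defaults the reference guide used to document.
SAMPLE_IMPLICIT = json.dumps({"authentication": {
    "class": "solr.JWTAuthPlugin",
    "jwksUrl": "https://idp.example.invalid/jwks", "clientId": "solr-ui"}})

# Constructed sample: every security-relevant value stated explicitly.
SAMPLE_EXPLICIT = json.dumps({"authentication": {
    "class": "solr.JWTAuthPlugin", "blockUnknown": True,
    "jwksUrl": "https://idp.example.invalid/jwks", "aud": "solr-cluster",
    "scope": "solr:read solr:admin", "adminUiScope": "solr:admin"}})

if __name__ == "__main__":
    for name, cfg in (("implicit", SAMPLE_IMPLICIT), ("explicit", SAMPLE_EXPLICIT)):
        print(name, effective_jwt_settings(cfg), audit(cfg))
```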
