Description

Today I deployed a new version of my app which uses JWT RBAC. Due to a typo in the mp.jwt.verify.publickey.location URL quarkus got a 404 while retrieving the JWKS and was unable to verify the JWT sent with all incoming requests, causing some downtime.

I propose adding a readiness check to the quarkus-smallrye-jwt extension which will be up if and only if the JWKS can be succesfully obtained (either from URL or direct config) and validated. This would ensure an app only serves requests if it can actually get the principal from the request.

I do recommend adding a config property to enable it to ensure no breaking changes (say quarkus.smallrye-jwt.jwks-readiness-check?)

Implementation ideas

No response