
Merge pull request #13924 from savonarola/1003-do-not-log-jwk-in-auth

fix(authn): do not log JWK in redis auth
Ilia Averianov hace 1 año
padre
commit
6db376f4b8

+ 1 - 1
apps/emqx_auth_jwt/src/emqx_auth_jwt.app.src

@@ -1,7 +1,7 @@
 %% -*- mode: erlang -*-
 {application, emqx_auth_jwt, [
     {description, "EMQX JWT Authentication and Authorization"},
-    {vsn, "0.3.3"},
+    {vsn, "0.3.4"},
     {registered, []},
     {mod, {emqx_auth_jwt_app, []}},
     {applications, [

+ 1 - 1
apps/emqx_auth_jwt/src/emqx_authn_jwt.erl

@@ -320,7 +320,7 @@ do_verify(JWT, [JWK | More], VerifyClaims) ->
             do_verify(JWT, More, VerifyClaims)
     catch
         _:Reason ->
-            ?TRACE_AUTHN_PROVIDER("jwt_verify_error", #{jwk => JWK, jwt => JWT, reason => Reason}),
+            ?TRACE_AUTHN_PROVIDER("jwt_verify_error", #{jwt => JWT, reason => Reason}),
             do_verify(JWT, More, VerifyClaims)
     end.
 
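Review bot: The trace call in the `catch` clause still records the complete signed token under `jwt => JWT`, and because the next line retries the same token against `More`, a token that failed for this key may still verify against a later one, so the debug log can hold a replayable bearer credential. Consider logging a digest instead of the token, assuming JWT is a binary here: `?TRACE_AUTHN_PROVIDER("jwt_verify_error", #{jwt_sha256 => crypto:hash(sha256, JWT), reason => Reason}),`. Separately, `Reason` comes from a catch-all `_:Reason`; if the verification call in the `try` body (outside this hunk) can raise an error term that embeds its arguments, the JWK could still reach the log through `reason`, which is worth confirming. A short comment above the trace call such as `%% never put key material or the raw token in trace metadata` would help keep this from regressing.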

+ 1 - 0
changes/ce/fix-13924.en.md

@@ -0,0 +1 @@
+Fixed JWK key leakage to debug logs on JWT authentication failure.