Purpose

QE testing task for FLPATH-2212 — Tracker - Create a Custom Function to Access JWT Tokens from the Workflow.

Upstream issue: apache/incubator-kie-issues#1899

Background

PR apache/incubator-kie-kogito-runtimes#4021 adds a new Quarkus addon sonataflow-addons-quarkus-jwt-parser that enables workflows to parse JWT tokens and extract user claims. The addon provides a custom function type jwt-parser with three operations:

• parse — returns the full decoded JWT payload as JSON
• extractUser — returns standard user claims (sub, preferred_username, email, name, given_name, family_name)
• extractClaim — returns a specific claim by name

Scope

Validate that the jwt-parser custom function works end-to-end in a SonataFlow workflow deployed via the OpenShift Serverless Logic operator.

Key areas to test

• Verify the jwt-parser addon artifacts (JARs) are present in the SWF builder image
• Verify a workflow using jwt-parser:parse compiles and deploys successfully
• Verify a workflow using jwt-parser:extractUser correctly extracts standard user claims from a JWT token passed via workflow headers
• Verify a workflow using jwt-parser:extractClaim correctly extracts a specific claim
• Verify "Bearer " prefix is automatically stripped from tokens
• Verify error handling for invalid/malformed JWT tokens
• Verify error handling for missing token parameter

Preliminary Finding

As of the 1.37 RC1 SWF builder image (registry-proxy.engineering.redhat.com/rh-osbs/openshift-serverless-1-logic-swf-builder-rhel9@sha256:d62e857c1cb709e1f92c6350699c3119f5c87ac0cf648652fa71dcdba037df15), the jwt-parser module is listed in the parent POM but the actual JAR artifacts are not shipped in the image. The addon only exists on upstream main branch and was not backported to the 10.1.x release branch. This needs to be resolved before testing can proceed.