Add localhost:8585 as jwks urls; Fix entity consolidations when there is no previous chnage available (#15001)

openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/EntityRepository.java

@@ -2057,6 +2057,7 @@ public abstract class EntityRepository<T extends EntityInterface> {
       // set changeDescription to null
       T updatedOld = updated;
       previous = getPreviousVersion(original);
+      if (previous != null) {
         LOG.debug(
             "In session change consolidation. Reverting to previous version {}",
             previous.getVersion());
@@ -2074,6 +2075,7 @@ public abstract class EntityRepository<T extends EntityInterface> {
         original = previous;
         entityChanged = false;
       }
+    }
 
     /** Compare original and updated entities and perform updates. Update the entity version and track changes. */
     @Transaction

openmetadata-service/src/main/java/org/openmetadata/service/security/JwtFilter.java

@@ -59,6 +59,11 @@ public class JwtFilter implements ContainerRequestFilter {
   private String principalDomain;
   private boolean enforcePrincipalDomain;
   private AuthProvider providerType;
+
+  private static final List<String> DEFAULT_PUBLIC_KEY_URLS =
+      Arrays.asList(
+          "http://localhost:8585/api/v1/system/config/jwks",
+          "http://host.docker.internal:8585/api/v1/system/config/jwks");
   public static final List<String> EXCLUDED_ENDPOINTS =
       List.of(
           "v1/system/config/jwks",
@@ -89,6 +94,13 @@ public class JwtFilter implements ContainerRequestFilter {
     for (String publicKeyUrlStr : authenticationConfiguration.getPublicKeyUrls()) {
       publicKeyUrlsBuilder.add(new URL(publicKeyUrlStr));
     }
+    // avoid users misconfiguration and add default publicKeyUrls
+    for (String publicKeyUrl : DEFAULT_PUBLIC_KEY_URLS) {
+      if (!authenticationConfiguration.getPublicKeyUrls().contains(publicKeyUrl)) {
+        publicKeyUrlsBuilder.add(new URL(publicKeyUrl));
+      }
+    }
+
     this.jwkProvider = new MultiUrlJwkProvider(publicKeyUrlsBuilder.build());
     this.principalDomain = authorizerConfiguration.getPrincipalDomain();
     this.enforcePrincipalDomain = authorizerConfiguration.getEnforcePrincipalDomain();

openmetadata-service/src/main/java/org/openmetadata/service/security/MultiUrlJwkProvider.java

@@ -32,7 +32,9 @@ final class MultiUrlJwkProvider implements JwkProvider {
   public Jwk get(String keyId) throws JwkException {
     JwkException lastException =
         new SigningKeyNotFoundException(
-            "JWT Token keyID doesn't match the configured keyID.", null);
+            "JWT Token keyID doesn't match the configured keyID. This usually happens if you didn't configure "
+                + "proper publicKeyUrls under authentication configuration.",
+            null);
     for (UrlJwkProvider jwkProvider : urlJwkProviders) {
       try {
         return jwkProvider.get(keyId);