Well, I have a URL to get public-keys but this URL require a Bearer Token, so I have the following in my application.properties:
spring.security.oauth2.resourceserver.jwt.jwk-set-uri=https://myauth-server.com/keys.jwt
And my Security Configuration Class:
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests(authorizeRequests ->
authorizeRequests
.antMatchers("/customers/**").authenticated()
.anyRequest().anonymous()
).oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt);
}
But when I try to make a request I got the following error:
org.springframework.security.oauth2.core.OAuth2AuthenticationException: An error occurred while attempting to decode the Jwt: Signed JWT rejected: Another algorithm expected, or no matching key(s) found
And my pom.xml:
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-oauth2-resource-server</artifactId>
</dependency>
<dependency>
<groupId>com.nimbusds</groupId>
<artifactId>oauth2-oidc-sdk</artifactId>
<version>7.3</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-oauth2-jose</artifactId>
</dependency>
I really don't know if this error is because my "keys.jwt" URI require some authentication or another reason.
