getting 401 error while trying to validate a azure token

Question

Hi I'm using the Which azure-spring-boot-sample-active-directory example to use to validate access token in a Spring Boot application coming from a Vue.js application? 03-resource-server code to validate the token. But I'm getting an 401 response all the time while using Postman and no Body in response. what might be the issue? I'm stuck on this for last few days Please do help

Configuration:

@EnableWebSecurity
@Order(SecurityProperties.BASIC_AUTH_ORDER)
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {

@Override
protected void configure(HttpSecurity http) throws Exception {
    // @formatter:off
    http.authorizeRequests()
            .anyRequest().authenticated()
            .and()
        .oauth2ResourceServer()
            .jwt()
            .and();
}
}

Controller :

@RestController
@RequestMapping("/api")
public class HomeController {

@GetMapping("/asd")
@ResponseBody
public String home() {
    return "Hello, this is resource server 1.";
}
}

application.yml

spring:
  security:
    oauth2:
      resourceserver:
        jwt:
          jwk-set-uri: https://login.microsoftonline.com/{tenant-id}/discovery/keys
          issuer-uri: https://login.microsoftonline.com/{tenant-id}/v2.0

pom.xml

<dependencies>
<dependency>
  <groupId>org.springframework.boot</groupId>
  <artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
  <groupId>org.springframework.boot</groupId>
  <artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
</dependency>

We're going to need a bit more information to enable us to help you. Please provide a [mcve] and refer to [ask]. — rickvdbosch, Mar 02 '22 at 10:52
Please provide enough code so others can better understand or reproduce the problem. — Community, Mar 02 '22 at 11:04

score 0 · Accepted Answer · answered Mar 02 '22 at 14:32

Your Java code looks pretty correct. I would start with adding extra logging to your application properties file to see if that tells you anything, eg:

logging:
  level:
    org:
      springframework:
        security: DEBUG

Next I would use a JWT viewer to see if there is a nonce field in the JWT header of the access token. If so then it will fail validation - see this recent answer of mine for more info on exposing an API scope in Azure AD.

Finally, you could try another library temporarily and it may give you a better explanation of the cause. See this jose4j code for an example of library based verification. You could paste that into a small Java console app and run it with an Azure access token.

Additionally, you might need to change the accessTokenAcceptedVersion property from null to 2 in the app registration's manifest. — Luis Gouveia, May 26 '23 at 09:46

getting 401 error while trying to validate a azure token

1 Answers1