After reading Andrew's excellent article https://developer.okta.com/blog/2019/06/20/spring-preauthorize
I wanted to take the next step and see if I can get an access token with Postman so that I can test my APIs.
I used the example shown in this video to make progress.
I can get an access token and submit a request to my local Spring Boot app that is using Spring Security ver 5.1.8. The error shown in Postman is:
“An error occurred while attempting to decode the Jwt: Signed JWT rejected: Another algorithm expected, or no matching key(s) found”
The problem, best I can tell, is with the algorithm in the JWT. It seems to be HS256 but Spring is expecting RS256.
I took the JWT and decoded it at
I ran the Spring Boot app in debug mode and stepped through the security files and found that com.nimbusds.jose Algorithm parseAlgorithm(JSONObject json) thinks it’s RS256
which explains why JwtAuthenticationProvider - this.jwtDecoder.decode(bearer.getToken()); throws an error.
BTW, I don’t know what any of this means, so if you think you know the answer please dumb it down for me. What I would like is an easy way to get an access token in Postman so I can test.
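
The error quoted in the post names two conditions: a different algorithm than expected, or no matching key. As an added example that is not part of the original post, this Node.js sketch reads a token's header without verifying it and reports which of the two applies. `expectedAlg`, `jwksKids` and the sample tokens are constructed assumptions, not values from the post.

```javascript
// Added example (not from the post): read a JWT header without verifying the token.
// expectedAlg and jwksKids are assumptions standing in for the resource server's
// configured algorithm and the key ids published in its JWKS.

function b64urlToJson(segment) {
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

function diagnoseJwt(token, expectedAlg, jwksKids) {
  const parts = String(token).split('.');
  if (parts.length !== 3) {
    return { ok: false, reason: 'not a compact JWS (expected 3 dot-separated parts)' };
  }
  let header;
  try {
    header = b64urlToJson(parts[0]);
    if (!header || typeof header !== 'object') throw new Error('not an object');
  } catch (e) {
    return { ok: false, reason: 'header is not base64url-encoded JSON' };
  }
  if (header.alg !== expectedAlg) {
    return { ok: false, header, reason: `alg is ${header.alg}, expected ${expectedAlg}` };
  }
  if (!jwksKids.includes(header.kid)) {
    return { ok: false, header, reason: `no key with kid ${header.kid} in the key set` };
  }
  return { ok: true, header, reason: 'alg and kid match; signature is not checked here' };
}

// Builds a constructed, unsigned sample token for the demonstration below.
function makeSampleToken(header) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc(header)}.${enc({ sub: 'constructed-user' })}.constructed-signature`;
}

const KIDS = ['constructed-kid-1']; // constructed key id
const samples = {
  hs256: makeSampleToken({ alg: 'HS256', typ: 'JWT' }),
  rs256: makeSampleToken({ alg: 'RS256', kid: 'constructed-kid-1' }),
  wrongKid: makeSampleToken({ alg: 'RS256', kid: 'constructed-kid-2' }),
};
for (const [name, token] of Object.entries(samples)) {
  console.log(name, diagnoseJwt(token, 'RS256', KIDS).reason);
}
```

A passing result only means the header is consistent with the expected algorithm and key set; the signature still has to be verified by the resource server.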