No able to call secures API in PCF

Abhishek7969 · June 15, 2021, 6:42am

I have secured an API using okta. In order to call the API one need to generated the Bearer token and call the API. These all things are working fine in my local…

But when I deployed this secured API service in PCF , and calling this secured Api from local (passing bearer token in header) its resulting in an error.

Bearer error=“invalid_token”, error_description=“An error occurred while attempting to decode the Jwt: Invalid token”

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

  @Override
  protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
        .antMatchers("/").permitAll()
        .and()
        .authorizeRequests()
        .antMatchers("/v1/delivery/scan/RRScan").authenticated();
    http.cors();
    Okta.configureResourceServer401ResponseBody(http);
  }
}

okta:
oauth2:
issuer: https://abc-test.oktapreview.com/oauth2/auszapgul6HdbqJXA0h7
audience: APP6934

okra-okta · June 15, 2021, 3:48pm

If you decode the access token using a tool, such as https://token.dev, do the claims look correct?