I am trying to use Okta OIDC and PKCE with a Spring Boot REST application using Spring Security. Our front-end UI is authenticating our users with Okta, and is then passing the JWT in the Authorization Bearer token to our backend REST app.
I followed the doc in this link:
application.yml looks like this:

    spring:
      security:
        oauth2:
          resourceserver:
            jwt:
              issuer-uri: https://dcsg-hub-dev.okta.com
              jwk-set-uri: https://dcsg-hub-dev.okta.com/oauth2/v1/keys?client_id=???
When I call our REST endpoint with a valid token (I verified this by calling the OIDC userinfo endpoint), I am getting the following error:
Caused by: com.nimbusds.jose.proc.BadJOSEException: Signed JWT rejected: Another algorithm expected, or no matching key(s) found
I set breakpoints in that code, and for whatever reason, the kid that comes back in the token/JWT from Okta does not match any of the keys that are returned from the call to the Okta
Any ideas what is wrong?
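The check below is an added example, not part of the question above: it reproduces the first two things Spring's JWT decoder does before the `BadJOSEException` is raised (read the `kid` from the token header and look it up in the JWKS, then compare the token's `iss` claim with the configured `issuer-uri`), so the mismatch can be seen offline without attaching a debugger. The JWKS, issuer and token are constructed placeholders, not real Okta values.

```python
import base64
import json

# Constructed sample data (not real Okta output): a JWKS in the shape returned by
# an Okta /oauth2/v1/keys endpoint, and a placeholder issuer-uri.
SAMPLE_JWKS = {
    "keys": [
        {"kty": "RSA", "alg": "RS256", "use": "sig", "kid": "key-A",
         "n": "placeholder-modulus", "e": "AQAB"},
    ]
}
CONFIGURED_ISSUER = "https://example-org.okta.com"


def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_sample_token(kid: str, iss: str) -> str:
    # Builds a structurally valid JWT with a placeholder signature. It is only
    # for inspecting header and claims; it would never pass a signature check.
    header = _b64url_encode(json.dumps({"alg": "RS256", "kid": kid}).encode())
    payload = _b64url_encode(json.dumps({"iss": iss, "sub": "user@example.com"}).encode())
    return f"{header}.{payload}.{_b64url_encode(b'signature-placeholder')}"


def diagnose(token: str, jwks: dict, issuer_uri: str) -> dict:
    # Mirrors the resource server's pre-signature checks: kid lookup, alg
    # agreement with the matched key, and issuer comparison.
    header_seg, payload_seg, _sig = token.split(".")
    header = json.loads(_b64url_decode(header_seg))
    claims = json.loads(_b64url_decode(payload_seg))
    kid = header.get("kid")
    key = {k.get("kid"): k for k in jwks.get("keys", [])}.get(kid)
    return {
        "kid": kid,
        "kid_found": key is not None,
        "alg_matches": key is not None and key.get("alg", header.get("alg")) == header.get("alg"),
        "issuer_matches": claims.get("iss") == issuer_uri,
    }
```

A token whose `kid_found` is false was signed by a key the configured JWKS endpoint does not publish, which is exactly the condition behind "no matching key(s) found"; compare the token's `iss` with the `issuer-uri` in the same report, since a token minted by a different Okta authorization server carries both a different issuer and a different signing key.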