Hi,
I am trying to protect my SOAP-based web service with the Okta OAuth2 authentication mechanism using Spring.
My app is not based on Spring Boot, but I integrated the app with Spring Security. Below is the configuration for my app, which acts as a Resource Server for validating the JWT token and provides access to the resource.
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.PropertySource;
import org.springframework.core.env.Environment;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
import org.springframework.security.oauth2.provider.token.store.jwk.JwkTokenStore;
import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;

@Configuration
@EnableResourceServer
@EnableWebSecurity
@PropertySource({"classpath:config/OAuth2.properties"})
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

    @Autowired
    private Environment env;

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
        // Token store that fetches the signing keys (JWK Set) from the configured URI
        JwkTokenStore tokenStore = new JwkTokenStore(env.getProperty("jwk.key-set-uri"));
        DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
        defaultTokenServices.setTokenStore(tokenStore);
        resources.resourceId(env.getProperty("authorization-server-id"));
        resources.tokenServices(defaultTokenServices);
        resources.tokenStore(tokenStore);
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        // Only requests under /web/** are handled by this resource server filter chain
        RequestMatcher requestMatcher = new AntPathRequestMatcher("/web/**");
        http.requestMatcher(requestMatcher).authorizeRequests().anyRequest().authenticated()
            .and()
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    }
}

// Registers the Spring Security filter chain without Spring Boot auto-configuration
public class SecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer {
    public SecurityWebApplicationInitializer() {
        super(ResourceServerConfig.class);
    }
}
Below are the properties I am using for the JWT key verification:
jwk.key-set-uri=https://MyCompany.oktapreview.com/oauth2/ausdwc45p9oaj8Bv00t7/v1/keys
authorization-server-id=Default
My auth server name is Default, so I am using server-Id as Default.
I am getting the below error when testing my service:
{
    "error": "invalid_token",
    "error_description": "Invalid JOSE Header kid (nkNj_A6sWlAAjHC-KwTAaUSDrnLlRQoJTNhjhgjA7M4LBa1k)"
}
I am stuck, and any help is greatly appreciated.
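Spring's JwkTokenStore raises "Invalid JOSE Header kid (...)" when the kid in the token's JOSE header is not present in the JWK Set it fetched from jwk.key-set-uri. The following standalone diagnostic is an added example, not code from the post above: it decodes the header kid and lists the kids in a JWK Set document so the two sides can be compared; the token and key set are constructed samples, and in practice the JWKS string would be the body served at the configured key-set URI.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.LinkedHashSet;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class KidCheck {

    // Matches "kid":"value" in either a JOSE header or a JWK Set document
    private static final Pattern KID = Pattern.compile("\"kid\"\\s*:\\s*\"([^\"]+)\"");

    /** Returns the kid from the (unverified) JOSE header of a compact JWT, or null if absent. */
    static String headerKid(String jwt) {
        String[] parts = jwt.split("\\.");
        if (parts.length < 2) throw new IllegalArgumentException("not a compact JWT");
        String header = new String(Base64.getUrlDecoder().decode(parts[0]), StandardCharsets.UTF_8);
        Matcher m = KID.matcher(header);
        return m.find() ? m.group(1) : null;
    }

    /** Collects every kid advertised in a JWK Set document ({"keys":[...]}). */
    static Set<String> jwksKids(String jwksJson) {
        Set<String> kids = new LinkedHashSet<>();
        Matcher m = KID.matcher(jwksJson);
        while (m.find()) kids.add(m.group(1));
        return kids;
    }

    /** True when the token's kid can be resolved against the key set (what JwkTokenStore requires). */
    static boolean kidResolvable(String jwt, String jwksJson) {
        String kid = headerKid(jwt);
        return kid != null && jwksKids(jwksJson).contains(kid);
    }

    public static void main(String[] args) {
        // Constructed sample header {"alg":"RS256","kid":"key-A"}; payload and signature are dummies
        String header = Base64.getUrlEncoder().withoutPadding()
            .encodeToString("{\"alg\":\"RS256\",\"kid\":\"key-A\"}".getBytes(StandardCharsets.UTF_8));
        String token = header + ".e30.sig";
        // Constructed JWK Set standing in for the body at jwk.key-set-uri; it only carries key-B
        String jwks = "{\"keys\":[{\"kty\":\"RSA\",\"kid\":\"key-B\",\"use\":\"sig\"}]}";
        System.out.println("token kid    : " + headerKid(token));
        System.out.println("key-set kids : " + jwksKids(jwks));
        // false here is the same mismatch that produces the invalid_token response
        System.out.println("resolvable   : " + kidResolvable(token, jwks));
    }
}
```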