0 votes

I have developed an Azure AD security integration with Spring Boot. The front end redirects to the Microsoft page and generates an idToken that works perfectly with the backend filter (this filter is also provided by Microsoft within a Spring Boot library). Sometimes it shows me this trace in the back end:

2020-06-30 00:01:00,674 ERROR class=com.microsoft.azure.spring.autoconfigure.aad.AADAppRoleStatelessAuthenticationFilter  Failed to initialize UserPrincipal.
com.nimbusds.jose.proc.BadJOSEException: Signed JWT rejected: Another algorithm expected, or no matching key(s) found
    at com.nimbusds.jwt.proc.DefaultJWTProcessor.<clinit>(DefaultJWTProcessor.java:99)
    at com.microsoft.azure.spring.autoconfigure.aad.UserPrincipalManager.getAadJwtTokenValidator(UserPrincipalManager.java:134)

But this trace is shown only sometimes, and no request has been performed. I have no idea why it is suddenly showing this trace, and everything is working fine.

Although everything is working well, it is a bit annoying to see the trace.

The front end is generating tokens with the "vue-msal": "^3.0.3" library, and for Spring Boot the dependency is azure-active-directory-spring-boot-starter version 2.2.4.

Thank you in advance.

2 Answers

1 votes

I had to add the following to the application.properties file:

azure.service.endpoints.global.aadSigninUri=https://login.microsoftonline.com/
azure.service.endpoints.global.aadGraphApiUri=https://graph.windows.net/
azure.service.endpoints.global.aadKeyDiscoveryUri=https://login.microsoftonline.com/common/discovery/v2.0/keys/
azure.service.endpoints.global.aadMembershipRestUri=https://graph.windows.net/me/memberOf?api-version=1.6

The issue was that it did not use v2.0.
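
The message in the question's trace, "Another algorithm expected, or no matching key(s) found", is produced at the step where a JWKS-backed verifier picks a key for the token: it reads the `alg` and `kid` from the JWS header and looks for a signing key in the set fetched from the key-discovery URI (the `aadKeyDiscoveryUri` set in this answer) whose `kid` matches and whose key type fits the algorithm. If the endpoint the filter is pointed at does not serve that `kid`, there is nothing to verify against and the token is rejected before the signature is even checked. The example below is added here to show that selection step and its failure modes; it is not code from the page, from the Microsoft starter, or from nimbus-jose. It is stdlib-only Python, so it uses a constructed HMAC (`oct`) key instead of the RS256 keys Azure AD actually publishes; the JWKS documents, issuer, key ids and secrets are all made up for the example.

```python
import base64
import hashlib
import hmac
import json


class BadJOSEError(Exception):
    """Plays the role of nimbus-jose's BadJOSEException: the token was rejected."""


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


# JWS alg -> JWK key type the selected key must have. Anything else, including
# "none", is refused outright.
KTY_FOR_ALG = {"HS256": "oct", "HS384": "oct", "HS512": "oct",
               "RS256": "RSA", "RS384": "RSA", "RS512": "RSA",
               "ES256": "EC", "ES384": "EC", "ES512": "EC"}

# Constructed JWKS document standing in for the body a key-discovery URI returns.
# The secret and issuer are made up so the example runs offline (assumption).
SECRET = b"example-hmac-secret-not-for-production"
ISSUER = "https://issuer.example/v2.0"
JWKS_CURRENT = {"keys": [{"kty": "oct", "kid": "kid-2020-06", "use": "sig",
                          "alg": "HS256", "k": b64url_encode(SECRET)}]}
# A second constructed document that lacks kid-2020-06: a discovery endpoint
# (or a stale cache) that serves a different key set than the one that signed.
JWKS_OTHER_ENDPOINT = {"keys": [{"kty": "oct", "kid": "kid-2019-12", "use": "sig",
                                 "alg": "HS256", "k": b64url_encode(b"some-other-secret")}]}


def sign_hs256(claims: dict, kid: str, secret: bytes, header_alg: str = "HS256") -> str:
    """Issue a compact JWS. header_alg is a parameter only so the example can
    build a token whose header lies about the algorithm actually used."""
    header = {"alg": header_alg, "typ": "JWT", "kid": kid}
    signing_input = (b64url_encode(json.dumps(header, separators=(",", ":")).encode())
                     + "." + b64url_encode(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def select_key(header: dict, jwks: dict) -> dict:
    """Key selection as a JWKS-backed verifier does it: the header's kid must name
    a signing key whose key type (and alg, if the JWK declares one) fits header alg."""
    alg, kid = header.get("alg"), header.get("kid")
    if alg not in KTY_FOR_ALG:
        raise BadJOSEError(f"Signed JWT rejected: unsupported alg {alg!r}")
    matches = [k for k in jwks.get("keys", [])
               if k.get("kid") == kid
               and k.get("use", "sig") == "sig"
               and k.get("kty") == KTY_FOR_ALG[alg]
               and k.get("alg", alg) == alg]
    if not matches:
        # Same condition and wording as the nimbus message in the question.
        raise BadJOSEError("Signed JWT rejected: Another algorithm expected, or no matching key(s) found")
    return matches[0]


def verify_jwt(token: str, jwks: dict, expected_issuer: str) -> dict:
    """Select the key from the header, check the MAC, then the issuer; return claims."""
    try:
        h, p, s = token.split(".")
    except ValueError:
        raise BadJOSEError("Signed JWT rejected: not a compact JWS") from None
    header = json.loads(b64url_decode(h))
    key = select_key(header, jwks)
    if key["kty"] != "oct":
        # Real Azure AD tokens are RS256; checking those needs an RSA library,
        # which this stdlib-only example deliberately leaves out.
        raise BadJOSEError("Signed JWT rejected: only HMAC keys are supported here")
    digest = {"HS256": hashlib.sha256, "HS384": hashlib.sha384, "HS512": hashlib.sha512}[header["alg"]]
    expected = hmac.new(b64url_decode(key["k"]), f"{h}.{p}".encode(), digest).digest()
    if not hmac.compare_digest(expected, b64url_decode(s)):
        raise BadJOSEError("Signed JWT rejected: Invalid signature")
    claims = json.loads(b64url_decode(p))
    if claims.get("iss") != expected_issuer:
        raise BadJOSEError(f"JWT rejected: unexpected issuer {claims.get('iss')!r}")
    return claims


def outcome(token: str, jwks: dict) -> str:
    """'ok' or the rejection reason, i.e. what a filter like the one in the question would log."""
    try:
        verify_jwt(token, jwks, ISSUER)
        return "ok"
    except BadJOSEError as e:
        return str(e)


# Constructed tokens covering the good path and each rejection path.
CLAIMS = {"iss": ISSUER, "sub": "user-1", "aud": "api://example-app"}
GOOD_TOKEN = sign_hs256(CLAIMS, "kid-2020-06", SECRET)
UNKNOWN_KID_TOKEN = sign_hs256(CLAIMS, "kid-2020-07", SECRET)                     # kid not in the set
ALG_MISMATCH_TOKEN = sign_hs256(CLAIMS, "kid-2020-06", SECRET, header_alg="RS256")  # oct key, RSA alg
NONE_TOKEN = sign_hs256(CLAIMS, "kid-2020-06", SECRET, header_alg="none")
_head, _body, _sig = GOOD_TOKEN.split(".")
TAMPERED_TOKEN = _head + "." + b64url_encode(
    json.dumps({**CLAIMS, "sub": "admin"}, separators=(",", ":")).encode()) + "." + _sig

if __name__ == "__main__":
    for name, tok, jwks in [("good", GOOD_TOKEN, JWKS_CURRENT),
                            ("unknown kid", UNKNOWN_KID_TOKEN, JWKS_CURRENT),
                            ("wrong discovery endpoint", GOOD_TOKEN, JWKS_OTHER_ENDPOINT),
                            ("alg mismatch", ALG_MISMATCH_TOKEN, JWKS_CURRENT),
                            ("alg none", NONE_TOKEN, JWKS_CURRENT),
                            ("tampered payload", TAMPERED_TOKEN, JWKS_CURRENT)]:
        print(f"{name:26} {outcome(tok, jwks)}")
```

Three different situations collapse into the one message from the question: a `kid` the endpoint never published, a key set fetched from an endpoint (or a cache) that does not contain the signing key, and a header `alg` that does not fit the key's type. None of them reaches the signature check, so when you see this trace the first thing to compare is the `kid` in the rejected token's header against the `kid` values at the configured key-discovery URI. The `alg`/`kty` pairing is also what stops the classic key-confusion and `alg: none` tricks: the verifier never lets the token's header choose an algorithm the selected key was not published for.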

0 votes

I solved this a long time ago, and the solution was that I had added a dependency that was not needed. I don't remember exactly which unneeded dependency was causing that.