I am attempting to connect to a JHipster generated microservice application using JWT authentication. I have verified my token and public key on jwt.io, but when I plug in my public key to my service's base64-secret parameter in application-XXX.yml I receive the following:
inventory-app_1 | 2020-09-02 17:40:07.351 INFO 1 --- [ XNIO-1 task-1] xxxx.security.jwt.TokenProvider : Invalid JWT token.
inventory-app_1 | 2020-09-02 17:40:07.384 WARN 1 --- [ XNIO-1 task-1] o.z.problem.spring.common.AdviceTraits : Unauthorized: Full authentication is required to access this resource
My token/key are generated by a Keycloak v7.0 server using RS256. I am using the public key found at https://myUrl.com/auth/realms/realmName/protocol/openid-connect/certs, key value x5c.
If my JWT/key pair is already known to be valid - what factors can stop my JHipster/spring server from recognizing the token?
Edit: I was able to extract the following error message:
The parsed JWT indicates it was signed with the RS256 signature algorithm, but the specified signing key of type javax.crypto.spec.SecretKeySpec may not be used to validate RS256 signatures. Because the specified signing key reflects a specific and expected algorithm, and the JWT does not reflect this algorithm, it is likely that the JWT was not expected and therefore should not be trusted. Another possibility is that the parser was configured with the incorrect signing key, but this cannot be assumed for security reasons.
To me this error seems to suggest that it is not possible to use RS256 signed tokens, but it is not fully clear.
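The check that the quoted error message describes, as an added example that is not part of the original post and is not JHipster or JJWT code: a verifier whose configured key is a shared (HMAC) secret refuses any token whose header names another algorithm, whatever bytes that secret holds. It uses only the Python standard library; the function names, secret and tokens are constructed for illustration, and the RS256 sample carries a placeholder signature.

```python
import base64, hashlib, hmac, json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_token(header: dict, claims: dict, secret: bytes = b"") -> str:
    """Build a constructed sample token; only HS256 gets a real signature."""
    signing_input = b64url(json.dumps(header).encode()) + "." + b64url(json.dumps(claims).encode())
    if header.get("alg") == "HS256":
        sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    else:
        sig = b"constructed-placeholder-not-an-rsa-signature"
    return signing_input + "." + b64url(sig)

def verify_with_shared_secret(token: str, secret: bytes) -> dict:
    """Verifier whose configured key is a symmetric secret: HS256 only."""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head_b64))
    except ValueError as exc:  # wrong part count, bad base64 or bad JSON
        raise ValueError("malformed token") from exc
    alg = header.get("alg") if isinstance(header, dict) else None
    # The configured key type pins the algorithm; the token header cannot override it.
    if alg != "HS256":
        raise ValueError(f"shared-secret key cannot validate alg={alg}")
    expected = hmac.new(secret, f"{head_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("signature mismatch")
    return json.loads(b64url_decode(body_b64))

def diagnose(token: str, secret: bytes) -> str:
    """Return a one-line verdict instead of raising, for quick triage."""
    try:
        return "accepted: " + verify_with_shared_secret(token, secret)["sub"]
    except ValueError as exc:
        return f"rejected: {exc}"

# Constructed sample values, not taken from the post.
SECRET = b"constructed-demo-secret"
HS_TOKEN = make_token({"alg": "HS256", "typ": "JWT"}, {"sub": "alice"}, SECRET)
RS_TOKEN = make_token({"alg": "RS256", "typ": "JWT"}, {"sub": "alice"})

if __name__ == "__main__":
    print(diagnose(HS_TOKEN, SECRET))
    print(diagnose(RS_TOKEN, SECRET))
```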