1

Using the Spring Boot OAuth Resource Server starter project, version 2.4.4. I'm receiving the exception below. I couldn't find much of a problem in the code, as it worked fine in our preprod env but is not working in the prod environment.
Observation so far:
I have checked, and want to confirm: if the kid received from the jwk uri and the kid received from the token are different, is this exception possible? Note, the kid is the same for the token and the jwk uri in the pre-prod env.
from jwk uri -
from jwt header -
Looked into this code, for the key ID checking snippet, line no. 253, but I couldn't understand it any further.

com.nimbusds.jose.proc.BadJOSEException: Signed JWT rejected: Another algorithm expected, or no matching key(s) found
    at com.nimbusds.jwt.proc.DefaultJWTProcessor.process(DefaultJWTProcessor.java:384) ~[nimbus-jose-jwt-8.20.2.jar:8.20.2]
    at com.nimbusds.jwt.proc.DefaultJWTProcessor.process(DefaultJWTProcessor.java:330) ~[nimbus-jose-jwt-8.20.2.jar:8.20.2]
    at org.springframework.security.oauth2.jwt.NimbusJwtDecoder.createJwt(NimbusJwtDecoder.java:153) ~[spring-security-oauth2-jose-5.4.5.jar:5.4.5]
anavaras lamurep

1 Answer

4

This exception is expected if the kid from your token and the kid from the JWKS endpoint do not match.

Double-check your configuration; it's possible you have a client attempting to use a token from a different issuer (maybe from your pre-prod).

The JWT should contain an iss field in the body that should help you track down the problem.

Brian Demers
  • Yes, I double-checked: the kid is different for the token and the JWKS endpoint. I need to check with our admin why that is so, then. Thanks for the confirmation – anavaras lamurep Sep 27 '21 at 16:19
  • Could you comment on this - https://stackoverflow.com/questions/70049215/in-nimbus-jose-jwt-what-is-difference-between-lifespan-and-refreshtime – samshers Nov 20 '21 at 22:13
  • Could you please add some reference docs for reading more about this? – cherish sham Jul 28 '22 at 13:14
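
The check the answer describes (compare the token's `kid` with the JWKS and read `iss` to find where the token came from), as an added example that is not part of the original thread. It is a diagnostic only and does not verify the signature; the function names, issuers and key ids are constructed, it assumes the token header carries a `kid` as in the question, and the default `expected_algs` of RS256 is an assumption about the decoder configuration.

```python
import base64
import json


def b64url_json(segment: str) -> dict:
    """Decode one base64url JWT segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def diagnose(token: str, jwks: dict, expected_algs=("RS256",)) -> dict:
    """Report why key selection would fail. Does NOT verify the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected 3 dot-separated parts")
    header, claims = b64url_json(parts[0]), b64url_json(parts[1])
    kid, alg = header.get("kid"), header.get("alg")
    keys = jwks.get("keys", [])
    jwks_kids = [k.get("kid") for k in keys]
    match = next((k for k in keys if k.get("kid") == kid), None)

    problems = []
    if alg not in expected_algs:  # "Another algorithm expected"
        problems.append(f"alg {alg!r} not in expected {list(expected_algs)}")
    if match is None:  # "no matching key(s) found"
        problems.append(f"kid {kid!r} not in JWKS kids {jwks_kids}")
    elif match.get("alg") not in (None, alg):
        problems.append(f"JWKS key alg {match['alg']!r} != token alg {alg!r}")
    return {"iss": claims.get("iss"), "kid": kid, "alg": alg,
            "jwks_kids": jwks_kids, "problems": problems}


def make_token(header: dict, claims: dict) -> str:
    """Build a constructed sample token; the signature part is a dummy."""
    enc = lambda d: base64.urlsafe_b64encode(
        json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc(header)}.{enc(claims)}.c2lnbmF0dXJl"


# Constructed sample data (hypothetical issuers and key ids).
PROD_JWKS = {"keys": [{"kty": "RSA", "kid": "prod-key-1", "alg": "RS256"}]}
PREPROD_TOKEN = make_token({"alg": "RS256", "kid": "preprod-key-7"},
                           {"iss": "https://idp.preprod.example", "sub": "u1"})
PROD_TOKEN = make_token({"alg": "RS256", "kid": "prod-key-1"},
                        {"iss": "https://idp.prod.example", "sub": "u1"})

if __name__ == "__main__":
    for name, tok in (("preprod", PREPROD_TOKEN), ("prod", PROD_TOKEN)):
        print(name, json.dumps(diagnose(tok, PROD_JWKS), indent=2))
```

For a real case, paste the rejected token and the JSON returned by the configured JWK set URI in place of the constructed samples; the `iss` in the result shows which environment issued the token.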