Spring Cloud Gateway Azure User token verification

Question

For my backend of few microservices I have API gateway (Spring Cloud Gateway) where I wanna verify if azure token user send from frontend is valid befor routing microservice. So far I get only 401 response whether I add valid token or not.

My security config class:

@EnableWebFluxSecurity
public class SecurityConfiguration {

    @Bean
    public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) throws Exception {
        http.csrf().disable()
                .authorizeExchange(exchanges -> exchanges
                        .anyExchange().authenticated()
                )
                .oauth2ResourceServer(oauth2 -> oauth2
                        .jwt(withDefaults())
                );

        return http.build();
    }

}

Application.properties

spring.security.oauth2.resourceserver.jwt.issuer-uri=https://login.microsoftonline.com/{tenant_id}/v2.0

pom.xml

    <dependency>
        <groupId>com.azure.spring</groupId>
        <artifactId>spring-cloud-azure-starter-active-directory-b2c</artifactId>
    </dependency>

Somehow I cannot find any help for scenerio when I already have access token and only wanna validate it on gateway before passing to services.

Answer 1

If the login / authentication is through azure active directory, please check to add the following com.azure.spring : spring-cloud-azure-starter-active-directory maven dependency to the pom.xml file.

<dependency>
    <groupId>com.azure.spring</groupId>
    <artifactId>spring-cloud-azure-starter-active-directory</artifactId>
    <version>4.3.0</version>
</dependency>

• Also please make sure , that if the issuer after decoding the token has v2 endpoint, accessTokenAcceptedVersion should be set to 2 otherwise it is to be set to 0 or 1

Also try to give some time and please check the decoded token has audience equal to clientId or appId uri of the application and if scopes are granted admin consent.

Also please check this SO reference