JHipster 微服务应用抛出无效的 JWT 错误
JHipster microservice app throws invalid JWT error
我正在尝试使用 JWT 身份验证连接到 JHipster 生成的微服务应用程序。我已经在 jwt.io 上验证了我的令牌和 public 密钥,但是当我将 public 密钥插入应用程序中服务的 base64-secret 参数时-XXX.yml 我收到以下信息:
inventory-app_1 | 2020-09-02 17:40:07.351 INFO 1 --- [ XNIO-1 task-1] xxxx.security.jwt.TokenProvider : Invalid JWT token.
inventory-app_1 | 2020-09-02 17:40:07.384 WARN 1 --- [ XNIO-1 task-1] o.z.problem.spring.common.AdviceTraits : Unauthorized: Full authentication is required to access this resource
我的 token/key 是由使用 RS256 的 Keycloak v7.0 服务器生成的。我正在使用 https://myUrl.com/auth/realms/realmName/protocol/openid-connect/certs 中的 public 键,键值 x5c
如果我的 JWT/key 对已知是有效的 - 哪些因素可以阻止我的 JHipster/spring 服务器识别令牌?
编辑: 我能够提取以下错误消息:
The parsed JWT indicates it was signed with the RS256 signature algorithm, but the specified signing key of type j
avax.crypto.spec.SecretKeySpec may not be used to validate RS256 signatures. Because the specified signing key reflects a specific and expected algorithm, and the JWT does not reflect this algorithm, it is likely that the JWT was n
ot expected and therefore should not be trusted. Another possibility is that the parser was configured with the incorrect signing key, but this cannot be assumed for security reasons.
对我来说,这个错误似乎表明无法使用 RS256 签名令牌,但并不完全清楚。
JHipster 生成的 JWT 安全性仅允许 HMAC 签名
我正在尝试使用 JWT 身份验证连接到 JHipster 生成的微服务应用程序。我已经在 jwt.io 上验证了我的令牌和 public 密钥,但是当我将 public 密钥插入应用程序中服务的 base64-secret 参数时-XXX.yml 我收到以下信息:
inventory-app_1 | 2020-09-02 17:40:07.351 INFO 1 --- [ XNIO-1 task-1] xxxx.security.jwt.TokenProvider : Invalid JWT token.
inventory-app_1 | 2020-09-02 17:40:07.384 WARN 1 --- [ XNIO-1 task-1] o.z.problem.spring.common.AdviceTraits : Unauthorized: Full authentication is required to access this resource
我的 token/key 是由使用 RS256 的 Keycloak v7.0 服务器生成的。我正在使用 https://myUrl.com/auth/realms/realmName/protocol/openid-connect/certs 中的 public 键,键值 x5c
如果我的 JWT/key 对已知是有效的 - 哪些因素可以阻止我的 JHipster/spring 服务器识别令牌?
编辑: 我能够提取以下错误消息:
The parsed JWT indicates it was signed with the RS256 signature algorithm, but the specified signing key of type j
avax.crypto.spec.SecretKeySpec may not be used to validate RS256 signatures. Because the specified signing key reflects a specific and expected algorithm, and the JWT does not reflect this algorithm, it is likely that the JWT was n
ot expected and therefore should not be trusted. Another possibility is that the parser was configured with the incorrect signing key, but this cannot be assumed for security reasons.
对我来说,这个错误似乎表明无法使用 RS256 签名令牌,但并不完全清楚。
JHipster 生成的 JWT 安全性仅允许 HMAC 签名