I am trying to see if I can substitute an old service with a new one that uses Quarkus. To do so I need to be able to check some properties of the JWT that is sent with the request Authorization as a bearer token.
My problem is that after going over several docs and this tutorial I am still not able to get this working.
The case
So I have a FusionAuth server that provides a JWT token that is signed using an HS256 algorithm, and thus I have a kid set and a secret used to sign it.
The Problem
Even after trying all possible combinations of configurations on the application.properties file I still keep getting this message:
Token verification has failed: Unable to process JOSE object (cause: org.jose4j.lang.UnresolvableKeyException: JWK with kid '3808b7397' is not available): JsonWebSignature{"alg":"HS256","typ":"JWT","kid":"3808b7397"}->...
I am not an expert on this subject, but I inherited this from someone that left the company so I cannot have any support and I am trying to read and understand as much as I can. (I apologize for the mistakes or misuses of terms)
As far as I understand, I need to be able to tell which is the correct key for that kid.
This is what I have tried on the properties (with some redacted values of course):
quarkus.keycloak.devservices.enabled=false
quarkus.oidc.devui.grant.type=client
quarkus.oidc.credentials.jwt.issuer=<<MY_ISSUER>>
quarkus.oidc.credentials.jwt.signature-algorithm=HS256
quarkus.oidc.credentials.jwt.key-id=3808b7397
quarkus.oidc.credentials.jwt.key-password=<<MY_PASSWORD>>
quarkus.oidc.auth-server-url=<<MY_FUSIONAUTH_SERVER>>
#quarkus.oidc.token.allow-jwt-introspection=false
#quarkus.oidc.token.allow-opaque-token-introspection=false
quarkus.log.level=DEBUG
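
An added illustration, not part of the original post and not Quarkus or jose4j code: what an HS256 verifier has to do with the `kid` from the token header, and why it fails with an "unresolvable key" error when it holds no secret for that `kid`. The function names, the keyring dictionary and the secret are constructed for this sketch; only the `kid` value is taken from the error message above.

```python
import base64, hashlib, hmac, json

KID = "3808b7397"                          # kid from the error message in the post
DEMO_SECRET = b"constructed-demo-secret"   # constructed value, not a real secret

class UnresolvableKey(Exception):
    """The verifier holds no key for the kid named in the token header."""

def b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign_hs256(claims: dict, kid: str, secret: bytes) -> str:
    """Build a constructed HS256 token (stands in for the issuer)."""
    header = {"alg": "HS256", "typ": "JWT", "kid": kid}
    signing_input = ".".join(
        b64url_encode(json.dumps(p, separators=(",", ":")).encode())
        for p in (header, claims))
    mac = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(mac)

def verify_hs256(token: str, keyring: dict) -> dict:
    """Return the claims if the HMAC matches under the secret mapped to kid."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        signature = b64url_decode(sig_b64)
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm on the verifier side; never trust the header's choice.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    kid = header.get("kid")
    secret = keyring.get(kid) if isinstance(kid, str) else None
    if secret is None:
        raise UnresolvableKey(f"no key for kid {kid!r}")
    signed = f"{header_b64}.{payload_b64}".encode()
    expected = hmac.new(secret, signed, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):  # constant-time compare
        raise ValueError("bad signature")
    # Issuer, audience and expiry checks would follow here; omitted in this sketch.
    return json.loads(b64url_decode(payload_b64))
```

With HS256 the same secret both signs and verifies, so the verifier must be given it through configuration and must protect it like any other credential.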