JWT token validation required at Helidon SE Service

Question

JWT token validation required at Helidon SE Service

392 Views Asked by Anbu At 20 June 2023 at 09:45

I need JWT token and scope validation at the Helidon SE service where my REST APIs are exposed.

I am using OIDC provider by following "https://helidon.io/docs/v2/#/se/security/02_providers#_oidc_provider". I am getting the below error when I do run as Maven build from eclipse. My application is getting started without the below said error when I run this application from eclipse. I have generated JWT token using postman and invoked the API from helidon web server. I am getting 200 response, but I don't see that the JWT token validation before accessing resource. I was getting success even with modified JWT or without authorization header. I have exactly followed https://helidon.io/docs/v2/#/se/security/02_providers#_oidc_provider . Please help me to make JWT token validation part working.

error io.helidon.config.MissingValueException: Requested value for configuration key 'security.providers' is not present in the configuration.

Original Q&A

There are 2 best solutions below

**Daniel Kec** · Answer 1 · 2023-06-20T11:20:17.123000

you are missing security.providers property in your configuration, it is described in the mentioned security providers documentation.

Maybe check out our OIDC example with IDCS https://github.com/helidon-io/helidon/tree/helidon-3.x/examples/security/idcs-login

**Ashwin Prabhu** · Answer 2 · 2023-06-20T15:48:17.777000

It is hard to tell what is wrong with the little info shared in the question. I would hazard a guess that the issue is limited to the configuration file you are using in your application.

Definitely, security.providers would be the first place to check. Have you defined it correctly? Are the providers defined under it as an array? Is the tabbing/spacing correct? The link you shared in the comment has incorrect spacing.

It should be

providers:
  - abac:
    # Adds ABAC Provider - it does not require any configuration
  - oidc:
      client-id: "${security.properties.idcs-client-id}"

and not

providers:
- abac:
  # Adds ABAC Provider - it does not require any configuration
- oidc:

That apart, there are 'N' different ways to fail in properties or yaml - eliminate them all by semantically checking the configuration.

JWT token validation required at Helidon SE Service

There are 2 best solutions below

Related Questions in HELIDON

Related Questions in OIDC-PROVIDER

Trending Questions

Popular # Hahtags

Popular Questions