I have integrated Microsoft IdP into Keycloak, and I am trying to use the feature in my Spring application.

**Step 1: I get the AuthCode from**

```
https://auth.test.ai/realms/test-microsoft/protocol/openid-connect/auth?client_id=test-client&redirect_uri=http://localhost:8081/authorize/callback&state=1234&response_mode=query&response_type=code
```

**Step 2: I use the AuthCode that I collect at the redirect URI to get an access token from**

```
http://localhost:8080/realms/zupaloop-realm/protocol/openid-connect/token

grant_type:authorization_code
client_id:test-client
redirect_uri:http://localhost:8081/authorize/callback
code:55a4ddf0-f57d-4619-b475-2066de2a145c.caf633c1-97fe-4bb1-9c1e-34f857dd7716.5460f6c8-f1cf-474b-9b7a-f1c70cdbe807
```

Then, when I try to validate the token through the validate endpoint using the security config below, it says:

```
www-authenticate: Bearer error="invalid_token",error_description="An error occurred while attempting to decode the Jwt: Signed JWT rejected: Another algorithm expected,or no matching key(s) found",error_uri="https://tools.ietf.org/html/rfc6750#section-3.1"
```
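```kotlin
// Security Config
import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
import org.springframework.http.HttpMethod
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.http.SessionCreationPolicy
import org.springframework.security.web.SecurityFilterChain
import org.springframework.web.cors.CorsConfiguration
import org.springframework.web.cors.CorsConfigurationSource
import org.springframework.web.cors.UrlBasedCorsConfigurationSource
import org.springframework.web.filter.CorsFilter

@Configuration
@EnableWebSecurity
class SecurityConfiguration(
    // Application-defined converter that maps JWT claims to authorities
    private val jwtAuthConverter: JwtAuthConverter
) {
    // CORS policy applied to every path: any origin, any header
    @Bean
    fun corsConfigurationSource(): CorsConfigurationSource {
        val config = CorsConfiguration()
        config.allowedOrigins = listOf("*")
        config.allowedMethods = listOf("GET", "POST", "PUT", "DELETE", "OPTIONS")
        config.allowedHeaders = listOf("*")
        config.addAllowedHeader("Content-Type")
        val source = UrlBasedCorsConfigurationSource()
        source.registerCorsConfiguration("/**", config)
        return source
    }

    @Bean
    fun corsFilter(corsConfigurationSource: CorsConfigurationSource): CorsFilter {
        return CorsFilter(corsConfigurationSource)
    }

    @Bean
    fun filterChain(http: HttpSecurity): SecurityFilterChain {
        http
            .cors { cors ->
                cors.configurationSource(corsConfigurationSource())
            }
            .csrf().disable()
            .authorizeHttpRequests { authz ->
                authz
                    // Login, signup, refresh and callback endpoints are open
                    .requestMatchers(HttpMethod.POST, "/authorize/login", "/authorize/signup", "/authorize/refreshtoken", "/authorize/callback", "/authorize/login/microsoft").permitAll()
                    // Only the validator endpoint requires a valid bearer token
                    .requestMatchers(HttpMethod.POST, "/authorize/validator").authenticated()
                    .anyRequest().permitAll()
            }
            // Bearer tokens are decoded and verified as JWTs
            .oauth2ResourceServer {
                it
                    .jwt()
                    .jwtAuthenticationConverter(jwtAuthConverter)
            }
            .sessionManagement {
                it
                    .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            }
            .httpBasic().disable()
        return http.build()
    }
}
```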
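
The decoder error quoted above is reported when the token's `alg` is not one the decoder expects, or when no key in the JWKS it loaded matches the token header. An added example (not part of the original post) that compares a token's header and issuer against a JWKS offline, without verifying the signature; the issuer URLs, key ids and token are constructed sample data, and RS256 as the only allowed algorithm is an assumption.

```python
import base64
import json


def b64url_json(segment: str) -> dict:
    """Decode one base64url JWT segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def diagnose(token, jwks, expected_issuer, allowed_algs=("RS256",)):
    """Metadata-only check: list reasons key selection would fail (no crypto)."""
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a compact JWS: expected 3 dot-separated segments"]
    header, claims = b64url_json(parts[0]), b64url_json(parts[1])
    problems = []
    if header.get("alg") not in allowed_algs:
        problems.append(f"alg {header.get('alg')!r} not in {list(allowed_algs)}")
    if claims.get("iss") != expected_issuer:
        problems.append(f"iss {claims.get('iss')!r} != {expected_issuer!r}")
    key = next((k for k in jwks.get("keys", [])
                if k.get("kid") == header.get("kid")), None)
    if key is None:
        problems.append(f"kid {header.get('kid')!r} not in JWKS")
    elif key.get("use", "sig") != "sig":
        problems.append(f"kid {header.get('kid')!r} is not a signing key")
    return problems


def _seg(obj: dict) -> str:
    """Encode a dict as an unpadded base64url JWT segment (sample data only)."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


# Constructed sample data: a token issued by realm-a, checked against two JWKS.
ISSUER_A = "https://idp.example/realms/realm-a"  # hypothetical issuer
ISSUER_B = "https://idp.example/realms/realm-b"  # hypothetical issuer
TOKEN = ".".join([_seg({"alg": "RS256", "kid": "key-a", "typ": "JWT"}),
                  _seg({"iss": ISSUER_A, "sub": "user-1"}), "c2lnbmF0dXJl"])
JWKS_A = {"keys": [{"kid": "key-a", "kty": "RSA", "use": "sig", "alg": "RS256"}]}
JWKS_B = {"keys": [{"kid": "key-b", "kty": "RSA", "use": "sig", "alg": "RS256"}]}

if __name__ == "__main__":
    print(diagnose(TOKEN, JWKS_B, ISSUER_B))  # token checked against another realm
    print(diagnose(TOKEN, JWKS_A, ISSUER_A))  # token checked against its own realm
```

To use it on a real deployment, pass the access token from the token response, the JSON served at the realm's `/protocol/openid-connect/certs` endpoint, and the issuer the resource server is configured with.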