We have developed a Spring Boot application with Azure AD login and hydra.ory.sh/v1alpha1. Hydra OAuth2 is used for API authentication, and user login is authenticated via Azure AD. Now the problem is that when the API is called by passing a Bearer token, Spring Cloud is intercepting it and logging an exception as INFO.

{"instant":{"epochSecond":1706105689,"nanoOfSecond":62241943},"thread":"http-nio-8080-exec-4","level":"INFO","loggerName":"com.azure.spring.cloud.autoconfigure.implementation.aad.filter.UserPrincipalManager","message":"Fail to parse JWT LRBNV-vJ0YwSbX-6ouut-78bjCymlyRP3Syg.4BF6bBP9zD9HpFd0-DB4-DMc, exception java.text.ParseException: Invalid unsecured/JWS/JWE header: Invalid JSON: java.lang.IllegalStateException: Expected BEGIN_OBJECT but was STRING at line 1 column 1 path $","endOfBatch":false,"loggerFqcn":"org.apache.logging.slf4j.Log4jLogger","contextMap":{"instana.trace.id":"e72da1821399a7b7"},"threadId":99,"threadPriority":5,"source":{"class":"com.azure.spring.cloud.autoconfigure.implementation.aad.filter.UserPrincipalManager","method":"isTokenIssuedByAad","file":"UserPrincipalManager.java","line":185}}

Below is the Spring Security code. The API endpoint is already excluded from authentication.

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
// package as of spring-cloud-azure 5.x; adjust if a different version is in use
import com.azure.spring.cloud.autoconfigure.implementation.aad.configuration.AadWebApplicationHttpSecurityConfigurer;

@Configuration
@EnableWebSecurity
public class SpringSecurityConfig {

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.csrf(AbstractHttpConfigurer::disable);
        // Azure AD browser login; this configurer is applied to the single chain,
        // so every request (including /api/**) passes through it.
        http.apply(AadWebApplicationHttpSecurityConfigurer.aadWebApplication());
        http
                .authorizeHttpRequests(auth -> auth
                        .requestMatchers(AntPathRequestMatcher.antMatcher("/static/*")).permitAll()
                        .requestMatchers(AntPathRequestMatcher.antMatcher("/metrics")).permitAll()
                        // permitAll skips the authorization decision only; the filters still run
                        // and nothing in this chain validates the Hydra token on /api/**
                        .requestMatchers(AntPathRequestMatcher.antMatcher("/api/**")).permitAll()
                        .anyRequest().authenticated()
                );
        http
                .headers(headers ->
                        headers
                                .frameOptions(HeadersConfigurer.FrameOptionsConfig::disable));
        return http.build();
    }
}

Hydra OAuth setup

{{- if .Values.oauthclient.enabled -}}
apiVersion: hydra.ory.sh/v1alpha1
kind: OAuth2Client
metadata:
  name: backend-api
  namespace: {{ .Release.Namespace }}
spec:
  grantTypes:
    - client_credentials
  scope: {{ .Release.Namespace }} backend-api-scope
  secretName: {{ .Values.secrets.name }}-eso
{{- end }}

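The token in the log line ("LRBNV-vJ0YwSbX-...") is a Hydra opaque access token, not a JWT, so UserPrincipalManager.isTokenIssuedByAad failing to parse it is expected: the posted config applies the Azure AD configurer to one chain that also covers /api/**, and with /api/** on permitAll nothing in that chain validates the Hydra token at all. The usual Spring Security answer is two ordered SecurityFilterChain beans: one restricted to /api/** that authenticates Hydra tokens by introspection, and one for the browser paths that keeps the AAD login. The following is an added example, not code from the question or from Spring Cloud Azure; the property names (hydra.introspection-*), the introspection URL and the client credentials are assumptions to be adapted (Hydra's introspection endpoint is on its admin API, whose path differs between Hydra v1 and v2). If the AAD filter in the version in use is also registered as a plain servlet Filter bean outside the security chain, it will still see /api/** requests; check the registered filters before relying on the split alone to silence the log line.

```java
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
// package as of spring-cloud-azure 5.x; adjust if a different version is in use
import com.azure.spring.cloud.autoconfigure.implementation.aad.configuration.AadWebApplicationHttpSecurityConfigurer;

@Configuration
@EnableWebSecurity
public class SplitSecurityConfig {

    // Assumed property names. Hydra's introspection endpoint is on the ADMIN API
    // (port 4445 by default), which must only be reachable from inside the cluster;
    // the path is /oauth2/introspect on Hydra v1 and /admin/oauth2/introspect on v2.
    @Value("${hydra.introspection-uri}")
    private String introspectionUri;

    // Spring's built-in introspector requires basic-auth credentials for the
    // introspection call; whether Hydra checks them depends on how the admin API is fronted.
    @Value("${hydra.introspection-client-id}")
    private String introspectionClientId;

    @Value("${hydra.introspection-client-secret}")
    private String introspectionClientSecret;

    // Chain 1: only /api/**. Hydra client_credentials tokens are opaque, so they are
    // validated by introspection instead of being parsed as JWTs. The Azure AD
    // configurer is deliberately NOT applied to this chain.
    @Bean
    @Order(1)
    public SecurityFilterChain apiChain(HttpSecurity http) throws Exception {
        http
            .securityMatcher("/api/**")
            .csrf(AbstractHttpConfigurer::disable)
            // bearer-token API: no HTTP session should ever be created
            .sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .authorizeHttpRequests(auth -> auth
                // SpringOpaqueTokenIntrospector maps the introspection "scope" claim to
                // SCOPE_* authorities; "backend-api-scope" is the scope from the OAuth2Client CR
                .anyRequest().hasAuthority("SCOPE_backend-api-scope"))
            .oauth2ResourceServer(rs -> rs
                .opaqueToken(opaque -> opaque
                    .introspectionUri(introspectionUri)
                    .introspectionClientCredentials(introspectionClientId, introspectionClientSecret)));
        return http.build();
    }

    // Chain 2: everything else keeps the Azure AD browser login from the original config.
    // Because chain 1 matched /api/** first, this chain never sees API requests.
    @Bean
    @Order(2)
    public SecurityFilterChain webChain(HttpSecurity http) throws Exception {
        http.csrf(AbstractHttpConfigurer::disable);
        http.apply(AadWebApplicationHttpSecurityConfigurer.aadWebApplication());
        http
            .authorizeHttpRequests(auth -> auth
                .requestMatchers(AntPathRequestMatcher.antMatcher("/static/*")).permitAll()
                .requestMatchers(AntPathRequestMatcher.antMatcher("/metrics")).permitAll()
                .anyRequest().authenticated())
            .headers(headers ->
                headers.frameOptions(HeadersConfigurer.FrameOptionsConfig::disable));
        return http.build();
    }
}
```

With this layout a request to /api/… with a revoked, expired or foreign token is rejected with 401 by the resource-server filter (the introspection response has active=false), and a valid token without backend-api-scope gets 403, which is the behaviour the permitAll rule in the question silently gave up. Keep the admin-API credentials out of the Helm values in plain text; the question already sources the client secret from an external secret, and the introspection settings belong in the same place.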