Hello,
I’m trying to execute the following project with the id_token token value which I got by calling the https://xxx.auth0.com/oauth/ro endpoint -
But it is giving 401 Unauthorized when calling the http://localhost:3001/photos endpoint (GET). Can you please help me out? Where am I making a mistake? Can you provide a sample link?
Thanks in advance.
-Palak
I found there was an issue with the JsonWebToken Signature Algorithm setting. I have now set it to HS256 and in the AppConfig.java file I’m also using .forHS256(apiAudience, issuer, b), but I’m getting the following error when hitting the localhost:3001/photos endpoint -
    {
      "timestamp": 1493939218189,
      "status": 403,
      "error": "Forbidden",
      "message": "Access is denied",
      "path": "/photos"
    }
My configure() method in the AppConfig.java file looks like the following -
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Shared secret bytes used to verify HS256-signed tokens
        byte[] b = secrete.getBytes(StandardCharsets.UTF_8);
        JwtWebSecurityConfigurer
                .forHS256(apiAudience, issuer, b)
                .configure(http)
                .authorizeRequests()
                .antMatchers(HttpMethod.GET, "/login").permitAll()
                // Each /photos method requires its own authority
                .antMatchers(HttpMethod.GET, "/photos/**").hasAuthority("read:photos")
                .antMatchers(HttpMethod.POST, "/photos/**").hasAuthority("create:photos")
                .antMatchers(HttpMethod.PUT, "/photos/**").hasAuthority("update:photos")
                .antMatchers(HttpMethod.DELETE, "/photos/**").hasAuthority("delete:photos")
                .anyRequest().authenticated();
    }
Can you please tell me what I’m doing wrong?
Thanks in advance.
-Palak
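An added example, not part of the original posts and not the project's code: a stand-alone Python check that reports which stage rejects an HS256 token, separating the 401 case (signature, issuer, audience, expiry) from the 403 case (`hasAuthority`). It assumes authorities are taken from a space-separated `scope` claim, which the posts do not show; the secret, audience, issuer and tokens are constructed sample values.

```python
import base64, hashlib, hmac, json, time

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str, secret: bytes) -> bytes:
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def make_token(claims: dict, secret: bytes) -> str:
    """Build a constructed HS256 token so the demo runs offline."""
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    return f"{head}.{body}.{b64url(sign(head + '.' + body, secret))}"

def diagnose(token, secret, audience, issuer, required):
    """Return (status, reason) for the first check that fails."""
    try:
        head, body, sig = token.split(".")
        header = json.loads(b64url_decode(head))
        claims = json.loads(b64url_decode(body))
        given = b64url_decode(sig)
    except ValueError:  # wrong segment count, bad base64 or bad JSON
        return 401, "malformed token"
    if not (isinstance(header, dict) and isinstance(claims, dict)):
        return 401, "malformed token"
    if header.get("alg") != "HS256":  # pin the algorithm, never trust the header
        return 401, "unexpected alg"
    if not hmac.compare_digest(sign(head + "." + body, secret), given):
        return 401, "bad signature"
    aud = claims.get("aud")
    if claims.get("iss") != issuer or audience not in (aud if isinstance(aud, list) else [aud]):
        return 401, "issuer or audience mismatch"
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= time.time():
        return 401, "expired or missing exp"
    # Assumption: authorities come from a space-separated "scope" claim.
    if required not in str(claims.get("scope", "")).split():
        return 403, "authenticated, but authority missing"
    return 200, "ok"

# Constructed sample values, not taken from the original posts.
SECRET, AUD, ISS = b"constructed-demo-secret", "https://api.example.test", "https://tenant.example.test/"
BASE = {"iss": ISS, "aud": AUD, "sub": "user-1", "exp": int(time.time()) + 300}
NO_SCOPE = make_token(BASE, SECRET)
WITH_SCOPE = make_token({**BASE, "scope": "openid read:photos"}, SECRET)
```

A token that passes every 401-stage check but carries no matching scope yields 403, while the same token verified with a different secret yields 401.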