Authorizacion Code Flow React in React with Spring Boot Backend

Hello,

Now I am receiving a token generated in fronted (REACT) but I don’t know the way to validate that in Spring Boot configuration.

I tried with that code:

@Configuration
@EnableWebSecurity
public class SecurityConfig{

    @Value("${spring.security.oauth2.resourceserver.jwt.issuer-uri}")
    private String issuer;

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {

        http
            .cors(Customizer.withDefaults())
            .csrf(csrf -> csrf.disable())
        .authorizeHttpRequests(authz -> {
            authz.requestMatchers("/test/private").authenticated();
            authz.anyRequest().permitAll();
        }).oauth2ResourceServer((oauth2) -> oauth2
            .jwt(Customizer.withDefaults())
        );
        
        return http.build();
    }

    @Bean
    public JwtDecoder jwtDecoder() {
        return JwtDecoders.fromIssuerLocation(issuer);
    }
}

With that code I can use token generated using API APP but I can’t use token generated in auth code flow from React . Why?

Thanks you!

Hi @tecnologianvs,

Welcome to the Auth0 Community!

Have you had a chance to decode your access token on jwt.io to verify the payload?

If your access token is not in the JWT format, it will not work against your API. It seems that you generated a JWT token when using it for your API but not when using the authorization code flow.

In this situation, you will want to Call Your API Using the Authorization Code Flow to get a JWT access token. After that, you can validate the access token using any existing middleware.

For more information, please refer to the following documentation:

• Validate JSON Web Tokens
• Why is My Access Token Not a JWT? Opaque Token

Please let me know if you have any questions.

Thanks,
Rueben