I cannot make any authenticated call to the API from the client. As a client I'm using this example:
https://auth0.com/docs/quickstart/spa/angular2/03-calling-an-api
On the backend side I implemented only this part of the code:
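
    import com.auth0.spring.security.api.JwtWebSecurityConfigurer;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.http.HttpMethod;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

    @EnableWebSecurity
    @Configuration
    public class SecurityConfig extends WebSecurityConfigurerAdapter {
        // apiAudience and issuer are String fields of this class

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            JwtWebSecurityConfigurer
                    .forRS256(apiAudience, issuer)
                    .configure(http)
                    .authorizeRequests()
                    .antMatchers(HttpMethod.GET, "/not-secured").permitAll()
                    .anyRequest().authenticated();
        }
    }
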
- When I'm pinging the not-secured path everything is working.
- I'm sure my apiAudience and issuer properties have correct values.
- ApiExplorer and TestClient work as expected.
- As a scope I'm using: scope: ‘openid profile’
- Both client and use RS256
- /userInfo endpoint works as expected
Does anyone have a clue what I'm doing wrong?
Update:
Here are my apiAudience and issuer vars on the backend.

    private String apiAudience = "https://p-jankowski.eu.auth0.com/api/v2/";
    private String issuer = "https://p-jankowski.eu.auth0.com/";

And here is the payload of the token I'm getting from Auth0:

    {
      "iss": "https://p-jankowski.eu.auth0.com/",
      "sub": "google-oauth2|114536956276415376017",
      "aud": [
        "https://p-jankowski.eu.auth0.com/api/v2/",
        "https://p-jankowski.eu.auth0.com/userinfo"
      ],
      "iat": 1510758445,
      "exp": 1510765645,
      "azp": "AqlWzMWC9t6eAQ0IWR1FYhnYpVJnIaZn",
      "scope": "openid"
    }

Seems like everything should be working fine, but it doesn’t. I’m not sure what I missed in the docs.
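
Added example, not part of the original post and not the validation code of the Auth0 Spring library: a small diagnostic that decodes a token and compares `alg`, `iss`, `aud` (string or array) and `exp` against the values the API is configured with. It does not verify the signature; the function names, the placeholder tenant URLs and the sample token are assumptions constructed for illustration.

```python
import base64
import json
import time

def _decode(segment):
    """Decode one base64url JWT segment (padding restored) to a dict."""
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))

def check_claims(token, issuer, audience, now=None, alg="RS256"):
    """List mismatches between a token and the API's expected settings.

    Debugging aid only: the signature is NOT verified here.
    """
    parts = token.split(".")
    if len(parts) != 3:
        return ["format: not a three-part JWT (opaque access token?)"]
    header, claims = _decode(parts[0]), _decode(parts[1])
    now = time.time() if now is None else now
    problems = []
    if header.get("alg") != alg:
        problems.append(f"alg: {header.get('alg')!r}, expected {alg!r}")
    if claims.get("iss") != issuer:  # exact match, so a trailing slash matters
        problems.append(f"iss: {claims.get('iss')!r}, expected {issuer!r}")
    aud = claims.get("aud")
    aud = [aud] if isinstance(aud, str) else (aud or [])  # string or array
    if audience not in aud:
        problems.append(f"aud: {aud!r} lacks {audience!r}")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        problems.append(f"exp: {exp!r} is not after now={int(now)}")
    return problems

def _encode(obj):
    """Build one unpadded base64url segment for the constructed sample."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample shaped like the payload in the post (placeholder tenant,
# dummy signature); iat/exp are the values from the post.
ISSUER = "https://tenant.example.com/"
AUDIENCE = "https://tenant.example.com/api/v2/"
SAMPLE = ".".join([
    _encode({"alg": "RS256", "typ": "JWT"}),
    _encode({"iss": ISSUER, "aud": [AUDIENCE, ISSUER + "userinfo"],
             "iat": 1510758445, "exp": 1510765645, "scope": "openid"}),
    "c2ln",
])

if __name__ == "__main__":
    print(check_claims(SAMPLE, ISSUER, AUDIENCE, now=1510758500))
    print(check_claims(SAMPLE, ISSUER.rstrip("/"), AUDIENCE, now=1510770000))
```

An empty list means the header and claims line up with the configuration, which leaves signature verification or the way the token is sent as the remaining places to look.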