In my Spring Boot (2.7.3) application, I used Auth0/Spring Security to protect our backend APIs, but we encountered an exception like this when deploying into our staging environment:
2022-09-01 11:29:33.096 DEBUG 1 --- [or-http-epoll-1] o.s.s.w.s.a.AuthenticationWebFilter :
Authentication failed: An error occurred while attempting to decode the Jwt: class
com.nimbusds.jose.JWEHeader cannot be cast to class com.nimbusds.jose.JWSHeader
(com.nimbusds.jose.JWEHeader and com.nimbusds.jose.JWSHeader are in unnamed module of
loader org.springframework.boot.loader.LaunchedURLClassLoader @43da41e)
This caused JWT decoding to fail. I am not sure what is wrong in my config. I have used Auth0/Spring before but never encountered this issue.
I just configured an issuerUri in the Spring Security resource server to discover the OAuth/OIDC config; I need to use other config in Auth0, e.g. jwsUris, publicKeyUri, etc.
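The exception above says the token's header was parsed as a JWE (encrypted) header where a JWS (signed) header was expected. The following is an added diagnostic example, not part of the original post: it classifies a compact token by structure only, using the JDK alone. The class name `TokenKindCheck` and the sample tokens are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class TokenKindCheck {

    enum Kind { JWS, JWE, NOT_A_JWT }

    // Classify a compact-serialized token by structure only.
    // Nothing is verified or decrypted, so never trust claims read this way.
    static Kind classify(String token) {
        if (token == null) return Kind.NOT_A_JWT;
        // Limit -1 keeps empty segments (a JWE with "dir" has an empty encrypted key).
        String[] parts = token.trim().split("\\.", -1);
        if (parts.length != 3 && parts.length != 5) return Kind.NOT_A_JWT;
        String header;
        try {
            header = new String(Base64.getUrlDecoder().decode(parts[0]), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            return Kind.NOT_A_JWT; // first segment is not base64url
        }
        // JWE headers carry an "enc" parameter (RFC 7516); JWS headers do not.
        boolean hasEnc = header.matches("(?s).*\"enc\"\\s*:.*");
        if (parts.length == 5 && hasEnc) return Kind.JWE;
        if (parts.length == 3 && !hasEnc) return Kind.JWS;
        return Kind.NOT_A_JWT; // segment count and header disagree
    }

    static String b64(String s) {
        return Base64.getUrlEncoder().withoutPadding()
                .encodeToString(s.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        // Constructed samples: header.payload.signature and header..iv.ciphertext.tag
        String signed = b64("{\"alg\":\"RS256\",\"typ\":\"JWT\"}") + "."
                + b64("{\"sub\":\"constructed\"}") + "." + b64("sig");
        String encrypted = b64("{\"alg\":\"dir\",\"enc\":\"A256GCM\"}") + ".."
                + b64("iv") + "." + b64("ciphertext") + "." + b64("tag");

        // Pass a token captured from the failing request as the first argument to classify it.
        String candidate = args.length > 0 ? args[0] : encrypted;
        System.out.println("signed sample    -> " + classify(signed));
        System.out.println("encrypted sample -> " + classify(encrypted));
        System.out.println("candidate        -> " + classify(candidate));
    }
}
```

If the token sent to the staging API classifies as `JWE`, the resource server's JWS signature validation cannot process it regardless of which key or JWK Set URI is configured.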