No AuthenticationProvider found

Hi,

I’m using Auth0 in a Spring Boot application. It looks like the Auth0 provider is not found by Spring Security. I find the following line in DEBUG log level.

No AuthenticationProvider found for com.auth0.spring.security.api.authentication.PreAuthenticatedAuthenticationJsonWebToken

2018-10-29 22:20:02.715 DEBUG 25693 --- [nio-8080-exec-2] o.s.s.authentication.ProviderManager     : Authentication attempt using com.auth0.spring.security.api.JwtAuthenticationProvider
2018-10-29 22:20:02.719 DEBUG 25693 --- [nio-8080-exec-2] o.s.b.a.audit.listener.AuditListener     : AuditEvent [timestamp=2018-10-29T21:20:02.719Z, principal=facebook|XXXXXXXXXXXXXX, type=AUTHENTICATION_FAILURE, data={details=com.auth0.jwt.JWTDecoder@165aaa81, type=org.springframework.security.authentication.ProviderNotFoundException, **message=No AuthenticationProvider found for com.auth0.spring.security.api.authentication.PreAuthenticatedAuthenticationJsonWebToken**}]
2018-10-29 22:20:02.721 DEBUG 25693 --- [nio-8080-exec-2] o.s.s.w.a.ExceptionTranslationFilter     : Authentication exception occurred; redirecting to authentication entry point

Authentication is of course failing, saysing “Not a valid token” … which is missleading.

org.springframework.security.authentication.BadCredentialsException: Not a valid token
	at com.auth0.spring.security.api.JwtAuthenticationProvider.authenticate(JwtAuthenticationProvider.java:61) ~[auth0-spring-security-api-1.1.0.jar:na]
	at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174) ~[spring-security-core-5.0.6.RELEASE.jar:5.0.6.RELEASE]
	at org.springframework.security.access.intercept.AbstractSecurityInterceptor.authenticateIfRequired(AbstractSecurityInterceptor.java:354) ~[spring-security-core-5.0.6.RELEASE.jar:5.0.6.RELEASE]
	at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:229) ~[spring-security-core-5.0.6.RELEASE.jar:5.0.6.RELEASE]
	at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:124) ~[spring-security-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
	at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91) ~[spring-security-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
	at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:119) ~[spring-security-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
	at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137) [spring-security-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]

I have a simple config

JwtWebSecurityConfigurer
.forRS256(apiAudience, issuer)
.configure(http)
.anonymous().disable()
.authorizeRequests().antMatchers("/api/private/bookings").authenticated()

I’m using Spring Boot 2.0.3.RELEASE.

Looks like the problem has been reported already. The ticket was closed without any solution!!

Could you pleae help? I’m struggling with this since weeks.
Thanks,
O.

I’ve seen this where there’s a clock syncing issue. Can you verify that the server on which you’re running your application has its time synced with NTP? If you are synced to NTP, then we may need to adjust the leeway.

This topic was automatically closed after 14 days. New replies are no longer allowed.