Auth0 Home Blog Docs

No AuthenticationProvider found

auth0
java
spring-boot
provider
spring-security

#1

Hi,

I’m using Auth0 in a Spring Boot application. It looks like the Auth0 provider is not found by Spring Security. I find the following line in DEBUG log level.

No AuthenticationProvider found for com.auth0.spring.security.api.authentication.PreAuthenticatedAuthenticationJsonWebToken

2018-10-29 22:20:02.715 DEBUG 25693 --- [nio-8080-exec-2] o.s.s.authentication.ProviderManager     : Authentication attempt using com.auth0.spring.security.api.JwtAuthenticationProvider
2018-10-29 22:20:02.719 DEBUG 25693 --- [nio-8080-exec-2] o.s.b.a.audit.listener.AuditListener     : AuditEvent [timestamp=2018-10-29T21:20:02.719Z, principal=facebook|XXXXXXXXXXXXXX, type=AUTHENTICATION_FAILURE, data={details=com.auth0.jwt.JWTDecoder@165aaa81, type=org.springframework.security.authentication.ProviderNotFoundException, **message=No AuthenticationProvider found for com.auth0.spring.security.api.authentication.PreAuthenticatedAuthenticationJsonWebToken**}]
2018-10-29 22:20:02.721 DEBUG 25693 --- [nio-8080-exec-2] o.s.s.w.a.ExceptionTranslationFilter     : Authentication exception occurred; redirecting to authentication entry point

Authentication is of course failing, saysing “Not a valid token” … which is missleading.

org.springframework.security.authentication.BadCredentialsException: Not a valid token
	at com.auth0.spring.security.api.JwtAuthenticationProvider.authenticate(JwtAuthenticationProvider.java:61) ~[auth0-spring-security-api-1.1.0.jar:na]
	at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174) ~[spring-security-core-5.0.6.RELEASE.jar:5.0.6.RELEASE]
	at org.springframework.security.access.intercept.AbstractSecurityInterceptor.authenticateIfRequired(AbstractSecurityInterceptor.java:354) ~[spring-security-core-5.0.6.RELEASE.jar:5.0.6.RELEASE]
	at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:229) ~[spring-security-core-5.0.6.RELEASE.jar:5.0.6.RELEASE]
	at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:124) ~[spring-security-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
	at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91) ~[spring-security-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
	at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:119) ~[spring-security-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
	at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137) [spring-security-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]

I have a simple config

JwtWebSecurityConfigurer
.forRS256(apiAudience, issuer)
.configure(http)
.anonymous().disable()
.authorizeRequests().antMatchers("/api/private/bookings").authenticated()

I’m using Spring Boot 2.0.3.RELEASE.

Looks like the problem has been reported already. The ticket was closed without any solution!!

Could you pleae help? I’m struggling with this since weeks.
Thanks,
O.


#3

I’ve seen this where there’s a clock syncing issue. Can you verify that the server on which you’re running your application has its time synced with NTP? If you are synced to NTP, then we may need to adjust the leeway.