Sorry if there is another question that addressed this; please let me know, but I was not able to find anything.
I have a SPA, an API and a Spring Boot backend that is configured using instructions from here: Secure your Single Page Apps (SPAs) with Spring Boot and OAuth 2.0
The problem that I have is that if I log in using the SPA and get an access_token, when I send that access token to the Spring backend I am getting a 401 Unauthorised with body:
{
  "error": "invalid_token",
  "error_description": "Invalid access token: <Access-Token>"
}
And a response header:
WWW-Authenticate: Bearer realm="https://<My-Custom-Domain>.com/api", error="invalid_token", error_description="Invalid access token: <Access-Token>"
My Spring configuration:
auth0:
  domain: auth0.<My-Custom-Domain>.com
  clientId: ************
security:
  oauth2:
    resource:
      id: https://<My-Custom-Domain>.com/api
      jwk:
        keySetUri: https://auth0.<My-Custom-Domain>.com/.well-known/jwks.json
SpringSecurity class:
@Value("${spring.security.oauth2.resource.id}")
private String resourceId;

@Override
public void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
        .mvcMatchers("/api/public").permitAll()
        .mvcMatchers("/api/**").authenticated()
        .anyRequest().permitAll();
}

@Override
public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
    resources.resourceId(resourceId);
}
SPA config:
const [isLoading, setLoading] = useState(true);
const [domain, setDomain] = useState();
const [clientID, setClientID] = useState();
const [audience, setAudience] = useState();

useEffect(() => {
  axios.get("http://localhost:8080/config")
    .then((response) => {
      setDomain(response.data.domain);
      setClientID(response.data.clientID);
      setAudience(response.data.audience);
      setLoading(false);
    });
}, []);
SPA configuration on dashboard:
The clientId on the dashboard matches the one used in the Spring config.
I also have a custom domain configured on my tenant.
I am not sure if this is correct though: keySetUri: https://<My-Custom-Domain>.com/.well-known/jwks.json
Thank you very much.
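
One way to narrow down an `invalid_token` response like the one in the question, as an added example that is not part of the original post: decode the access token the SPA received (without verifying its signature) and compare it with the resource id and the key set the backend is configured with. The function name, finding labels and all sample values are constructed for illustration, and it assumes the resource id is the value expected in the token's `aud` claim.

```javascript
// Added example, not code from the original post. It only decodes the token;
// it does not verify the signature and is not a substitute for validation.
const decodeSegment = (seg) => JSON.parse(Buffer.from(seg, "base64").toString("utf8"));

// expected = { audience, issuer, jwks }: the resource id, the tenant issuer URL
// (assumption: checked here for diagnosis only) and the parsed body of keySetUri.
function diagnoseAccessToken(token, expected, nowMs = Date.now()) {
  const parts = token.split(".");
  // A signed JWT (JWS) has exactly three segments; anything else (an opaque
  // string, a five-segment encrypted token) cannot be checked against a JWKS.
  if (parts.length !== 3) return ["not-a-signed-jwt"];
  let header, claims;
  try {
    header = decodeSegment(parts[0]);
    claims = decodeSegment(parts[1]);
    if (!header || !claims) throw new Error("empty segment");
  } catch (err) {
    return ["undecodable"];
  }
  const findings = [];
  const audiences = [].concat(claims.aud ?? []); // aud may be a string or an array
  if (!audiences.includes(expected.audience)) findings.push("aud-mismatch");
  if (claims.iss !== expected.issuer) findings.push("iss-mismatch");
  if (!expected.jwks.keys.some((k) => k.kid === header.kid)) findings.push("kid-not-in-jwks");
  if (typeof claims.exp === "number" && claims.exp * 1000 <= nowMs) findings.push("expired");
  return findings;
}

// Constructed sample data (placeholders, not real tenant values or keys).
const encodeSegment = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64")
  .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
const sampleToken = (header, claims) =>
  `${encodeSegment(header)}.${encodeSegment(claims)}.constructed-signature`;
const sampleExpected = {
  audience: "https://api.example.test/api",
  issuer: "https://auth0.example.test/",
  jwks: { keys: [{ kid: "constructed-kid-1", kty: "RSA" }] },
};
const sampleClaims = {
  iss: sampleExpected.issuer,
  aud: [sampleExpected.audience, "https://auth0.example.test/userinfo"],
  exp: Math.floor(Date.now() / 1000) + 3600,
};

console.log(diagnoseAccessToken(
  sampleToken({ alg: "RS256", kid: "constructed-kid-1" }, sampleClaims), sampleExpected)); // []
console.log(diagnoseAccessToken("constructed-opaque-token", sampleExpected));
```

An empty result only means the decoded header and claims line up with the expected values; the resource server still has to verify the signature against the key set.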