Spring boot JWE not configured

Please include the following information in your post:

  • Which SDK this is regarding: e.g. Spring boot
  • SDK Version: e.g. 2.5.5
  • Platform Version: e.g. OpenJDK 17
  • Error Messages/: WWW-Authenticate: Bearer error=“invalid_token”, error_description=“An error occurred while attempting to decode the Jwt: Encrypted JWT rejected: No JWE key selector is configured”

For some reason, when moving to OpenJDK 17 from 1.8, Spring Boot can no longer decode the JWT access token. I always get the "No JWE key selector is configured" error.

I applied the same Spring Boot config as before (the one that is working now) and even applied the same config as provided in your doc page here:

Is this a configuration that I need to change in my Auth0 console page?

Is this a feature request or bug report? : This is a question

Hi @robert8,

Welcome to the Auth0 Community!

It looks like you may be receiving an opaque token. This happens when you don’t pass an audience parameter with your request to authorize. Can you see if you were previously passing an audience param and haven’t been passing it in your new config?

If not, can you please post an example of the token you are seeing?


Hi. I got the same issue. I followed this guide, Auth0 Spring Boot API SDK Quickstarts: Authorization, and used OpenJDK8, SpringBoot 2.3.0 with Spring Security 5.
My goal is to make my REST API service secured; all requests to the service must contain an Authorization header with a bearer token.
I use Postman to get a token from Auth0:

The token I received contains Access Token and id_token sections:

Access token after decoding looks like:

{
  "alg": "dir",
  "enc": "A256GCM",
  "iss": "https://dev-98njlbfr.us.auth0.com/"
}

id_token contains user metadata (nickname, email, picture, iss, sub, aud…).

When I send a request with the access token in the Authorization header, I get a 401. After debugging I noticed that the jweKeySelector is null and it produces BadJOSEException(“Encrypted JWT rejected: No JWE key selector is configured”).
What am I doing wrong?

Hi @lexakimov,

That header looks like an encrypted token, and you should only get these when you aren’t passing a valid audience.

Is the http://java-backend/ a valid API Identifier you have registered in Auth0?
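
As an added illustration (not code from the thread or from Auth0), this Python sketch classifies a bearer token by its compact serialization, separating the five-segment JWE with "alg": "dir" shown above from a three-segment signed JWT. The function names and sample tokens are constructed for the example; nothing is decrypted or verified.

```python
import base64
import json


def _b64url_decode(segment: str) -> bytes:
    # JOSE uses unpadded base64url; restore padding before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def classify_token(token: str) -> dict:
    """Classify a bearer token by shape only (hypothetical helper, no verification)."""
    parts = token.strip().split(".")
    if len(parts) not in (3, 5):
        return {"kind": "opaque", "header": None}
    try:
        header = json.loads(_b64url_decode(parts[0]))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return {"kind": "opaque", "header": None}
    if not isinstance(header, dict) or "alg" not in header:
        return {"kind": "opaque", "header": None}
    # RFC 7516: a compact JWE has five segments and an "enc" header parameter.
    if len(parts) == 5 and "enc" in header:
        return {"kind": "JWE", "header": header}
    # RFC 7515: a compact JWS has three segments and no "enc".
    if len(parts) == 3 and "enc" not in header:
        return {"kind": "JWS", "header": header}
    return {"kind": "malformed", "header": header}


def _sample(header: dict, other_segments: list) -> str:
    # Constructed sample: real header JSON, dummy bytes in every other segment.
    return ".".join([_b64url_encode(json.dumps(header).encode())] + other_segments)


# Header values copied from the post above; "dir" leaves the encrypted-key segment empty.
JWE_SAMPLE = _sample(
    {"alg": "dir", "enc": "A256GCM", "iss": "https://dev-98njlbfr.us.auth0.com/"},
    ["", "aXY", "Y3Q", "dGFn"],
)
# Constructed signed-JWT shape (RS256 is an assumption for the example).
JWS_SAMPLE = _sample({"alg": "RS256", "typ": "JWT"}, ["e30", "c2ln"])

if __name__ == "__main__":
    for name, tok in (("JWE_SAMPLE", JWE_SAMPLE), ("JWS_SAMPLE", JWS_SAMPLE)):
        print(name, classify_token(tok))
```

A token that classifies as JWE or opaque here is the kind a resource server set up only for signed JWTs rejects, which matches the audience question raised in this reply.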

Thanks Dan,

That was indeed the issue. My SPA/PWA was indeed not configured properly to access my updated set of APIs.

Thx !


Glad we were able to figure it out!