Spring Security, 401 when following quick start guide

I have followed the quick start guide on spring security to implement Auth0 according to this page: Auth0 Spring Boot API SDK Quickstarts: Authorization

However, when I test it, all links under .antMatchers .authenticated and .hasAuthority is getting 401 error, even though I am requesting with a bearer header? Below is the curl request (I am using windows). I copied the token from the ‘test’ tab in the API.

    curl -H ${'authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6Ik1ERkJPRGxETkRNeFJqRTVSa

k01UXpBME9UUkRSVFl6TmpoRVFUWkdSalJFTWpsRFJEZzJNZyJ9.eyJpc3MiOiJodHRwczovL2h1Z29rZXVuZy5ldS5hdXRoMC5jb20vIiwic3ViIjoiMERS
aHhUREFrd0RxaHhnc3l4bHVVc3RDWHI3ZGZYR3lAY2xpZW50cyIsImF1ZCI6Imh0dHA6Ly9sb2NhbGhvc3Q6ODA4MC9hcGkiLCJpYXQiOjE1NDg0NjU4MDAs
ImV4cCI6MTU0ODU1MjIwMCwiYXpwIjoiMERSaHhUREFrd0RxaHhnc3l4bHVVc3RDWHI3ZGZYR3kiLCJzY29wZSI6InJlYWQ6aGlzdG9yeSIsImd0eSI6ImNs
aWVudC1jcmVkZW50aWFscyJ9.a1CL-GnUfloOeW2-pgsW0-9DI3oItWy8D6x1OOR2I9qfBCImKFNBgoyaAZ1pMcaxWe9X5OOLrMJ9Hk1QtjnOpHC0blljMQi
IxFAXHqXtYFBtG2-2MakpNfqfZwWfEoU50Xv3CMwuctgqlFt53Fn4dc-83_ITkUPse2Dm0318dD0qyeltfNsqxwsb6egdNJXBEi6xZp4BO_N4qtuIJHNGG2M
GlAwoAd-M6OIebAfJA_sgBGw_M-YoCuMZGfDV8SADnF4rBMqAWBM9mhPi2z7hV_Edo6uzln3mCIdMDEJ0IbuNtW24jcJSxIhZU-dNSIu6R24877xQ6NSHh3U
mwut8xg’} http://localhost:8080/api/positions/all

I have already made sure that the auth0.apiAudience and auth0.issuer matched the one in the API.
I have tried accessing the .permitAll end point and it worked just fine.
Is there an important step that I missed?

Hi there @Hugi, I wanted to reach out and see if I can snag a HAR file from you when you are receiving the 401 error along with your tenant name? This will allow us to take a deeper look at what’s going here when you are experiencing this issue. Thanks in advance!

I wanted to touch base and see how things are coming on obtaining that HAR file. Please let us know if you have any questions.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.