Validating Bearer token in Spring returns malformed url


I have a SPA and an API that trust each other and share the Auth0 client properties. I followed the example from . The SPA successfully logs in and sends Bearer access tokens for the API to check and validate the authorization. The issue is that the API (written in Spring Boot + Spring Security 5) rejects the token saying it’s malformed. I did some debugging and the issue appears when Spring wants to update the jwkSet from the URL specified under . The value of this property is the domain of the Auth0 tenant but when the URL is actually being hit, it returns this page:

I think the 01-authorization example is missing something, like providing properties to login to that domain so spring can get the jwtk set.