I realized that It were because of different algorithm types. spring
resource server uses hmacsha256 default when using symmetric key, but cas
sends hmacsha512. so i updated accessTokenConverter() method like below;
@Bean
public JwtAccessTokenConverter accessTokenConverter() {
hello, is there anybody that verify jwt with spring resource server? i have
configuration like this. when i use custom oauth2 server, it works well.
but when i change to cas oauth2 server, it cannot verify jwt.
cas oauth2
cas.authn.token.crypto.enabled=true
Hi all,
I got a similar issue when I try to verify the jwt signature with several
libreries including Node.js jsonwebtoken, since the library allows only
base64url encoded tokens because of mentioned RFC7515.
With java-jwt library the token is correctly verified.
Debugging the code i found in
I think you are seeing the discrepancy due to base64 vs. base64url
decoding. I think the jwt spec. wants base64 url vs. plain base64.
https://en.wikipedia.org/wiki/Base64#URL_applications
On Friday, December 14, 2018 at 9:37:45 AM UTC-6, Devendra Sisodia wrote:
>
> While decoding JWT there is
i'm using io.jsonwebtoken.jjwt library
Jwts.parser().setSigningKey().parseClaimsJws();
Il giorno venerdì 14 dicembre 2018 14:02:14 UTC+1, Devendra Sisodia ha
scritto:
>
> Hello,
>
> Big Thanks for sharing configuration and as a result JWT is not encrypted
> and only signed.
>
> But now I
Hello,
Big Thanks for sharing configuration and as a result JWT is not encrypted
and only signed.
But now I face strange issue. when I try to verify signature it fails. I am
using AES and single key to sign and JWT is generated. But the generate JWT
fails signature verification.
JWT generated
yes
###Token/JWT Tickets ENCRIPTION
cas.authn.token.crypto.enabled=true
cas.authn.token.crypto.signing-enabled=true
cas.authn.token.crypto.signing.key=
Dkkpi7iUKqidOXXmeAbr4RyHirYmgQgqqUrIo6q_JPNks2iqX2l95jVVoZQDWLNiFnhQF43agCtdMxRnIXOO9g
cas.authn.token.crypto.encryption-enabled=false