THALES GROUP LIMITED DISTRIBUTION to email recipients
Hello Victor,
I use this library:
<dependencies>
<dependency>
<groupId>org.bitbucket.b_c</groupId>
<artifactId>jose4j</artifactId>
<version>0.9.6</version>
</dependency>
</dependencies>
to create the JWT.
Best Regards.
-----Original Message-----
From: Tichov Zoltán <tichov.zol...@falconsoft.hu>
Sent: jeudi 4 avril 2024 11:06
To: users@tomee.apache.org
Subject: Re: JWT issue TomEE 9.1.2 micro-profile flavor
Hi Francois!
How did you generate the token?
Best regards
2024. 04. 04. 10:38 keltezéssel, COURTAULT Francois írta:
> THALES GROUP LIMITED DISTRIBUTION to email recipients
>
> Hello everyone,
>
> I built a war with a class which extends Application and annotated
> with @LoginConfig(authMethod = "MP-JWT") I have created a signed JWT
> which is OK when I validated it (public key provided) using jwt.io web
> site
>
> I want to test this signed JWT with my war.
> In this one, under META-INF, I have created a
> microprofile-config.properties with the following entries
> mp.jwt.verify.publickey=MIIBojANBgkqhkiG9w0BAQEFAAO... (the same
> public key that I have used to validate the signed JWT using jwt.io
> web site) mp.jwt.verify.issuer=https://server.example.com
>
> Then I run a curl with -H "Authorization: Bearer
> eyJraWQiOiJhYmMtMTIzNDU2Nzg5MCIsImFsZyI6IlJTMzg0In0.ey ..." (the same signed
> JWT I used on jwt.io web site) I got this:
>
> * at client side: ...HTTP Status 401 - Unauthorized ... Invalid or not
> parsable JWT
> * at server side:
> 04-Apr-2024 10:14:31.255 WARNING [http-nio-8080-exec-5]
> org.apache.tomee.microprofile.jwt.MPJWTFilter$ValidateJSonWebToken.parse JWT
> processing failed. Additional details: [[17] Unable to process JOSE object
> (cause: org.jose4j.lang.InvalidKeyException: The given key (key is null) is
> not valid for SHA384withRSA):
> JsonWebSignature{"kid":"abc-1234567890","alg":"RS384"}->
> eyJraWQiOiJhYmMtMTIzNDU2Nzg5MCIsImFsZyI6IlJTMzg0In0.ey...
>
> What's wrong ?
>
> Best Regards.
>
>
>
>
