THALES GROUP LIMITED DISTRIBUTION to email recipients Hello Victor,
I use this library: <dependencies> <dependency> <groupId>org.bitbucket.b_c</groupId> <artifactId>jose4j</artifactId> <version>0.9.6</version> </dependency> </dependencies> to create the JWT. Best Regards. -----Original Message----- From: Tichov Zoltán <tichov.zol...@falconsoft.hu> Sent: jeudi 4 avril 2024 11:06 To: users@tomee.apache.org Subject: Re: JWT issue TomEE 9.1.2 micro-profile flavor Hi Francois! How did you generate the token? Best regards 2024. 04. 04. 10:38 keltezéssel, COURTAULT Francois írta: > THALES GROUP LIMITED DISTRIBUTION to email recipients > > Hello everyone, > > I built a war with a class which extends Application and annotated > with @LoginConfig(authMethod = "MP-JWT") I have created a signed JWT > which is OK when I validated it (public key provided) using jwt.io web > site > > I want to test this signed JWT with my war. > In this one, under META-INF, I have created a > microprofile-config.properties with the following entries > mp.jwt.verify.publickey=MIIBojANBgkqhkiG9w0BAQEFAAO... (the same > public key that I have used to validate the signed JWT using jwt.io > web site) mp.jwt.verify.issuer=https://server.example.com > > Then I run a curl with -H "Authorization: Bearer > eyJraWQiOiJhYmMtMTIzNDU2Nzg5MCIsImFsZyI6IlJTMzg0In0.ey ..." (the same signed > JWT I used on jwt.io web site) I got this: > > * at client side: ...HTTP Status 401 - Unauthorized ... Invalid or not > parsable JWT > * at server side: > 04-Apr-2024 10:14:31.255 WARNING [http-nio-8080-exec-5] > org.apache.tomee.microprofile.jwt.MPJWTFilter$ValidateJSonWebToken.parse JWT > processing failed. Additional details: [[17] Unable to process JOSE object > (cause: org.jose4j.lang.InvalidKeyException: The given key (key is null) is > not valid for SHA384withRSA): > JsonWebSignature{"kid":"abc-1234567890","alg":"RS384"}-> > eyJraWQiOiJhYmMtMTIzNDU2Nzg5MCIsImFsZyI6IlJTMzg0In0.ey... > > What's wrong ? > > Best Regards. > > > >