THALES GROUP LIMITED DISTRIBUTION to email recipients

Hello again,

I added the typ but it doesn't work. Normally the alg value should be RS256 or RS384 (my try) and not RSA256 or RSA384 according to the spec. But I will try anyway with RSA384 instead of RS384, though I have some doubts that it could work. Moreover, I had a look at AlgorithmIdentifiers.java from this library and there is no RSA stuff in there. Even more, the JWT library included in TomEE 9.1.2 is the same as the one I use to generate my signed JWT.

The doubt I have is confirmed: I can't compile my source code with this line:

JsonWebSignature jws = new JsonWebSignature();
...
jws.setAlgorithmHeaderValue("RSA256"); or jws.setAlgorithmHeaderValue("RSA384");

I am only allowed to do this:

jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256); // AlgorithmIdentifiers.RSA_USING_SHA256 is RS256
jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA384); // AlgorithmIdentifiers.RSA_USING_SHA384 is RS384
jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA512); // AlgorithmIdentifiers.RSA_USING_SHA512 is RS512

Best Regards.

-----Original Message-----
From: Tichov Zoltán <tichov.zol...@falconsoft.hu>
Sent: Thursday 4 April 2024 11:48
To: users@tomee.apache.org
Subject: Re: JWT issue TomEE 9.1.2 micro-profile flavor

Hi Francois!

I think that the "alg" : "RSA256" is more important in the token header than the "type".

Best regards:
Zoltán

On 2024. 04. 04. 11:42, COURTAULT Francois wrote:
> Hello Zoltan,
>
> I don't know why I have written Victor in my previous post ☹ Sorry about that.
>
> Your point is that the typ field is missing in my signed JWT header, right?
> I believed that this one is not mandatory. Looking at microprofile-jwt-auth-spec-2.0.pdf, typ is recommended but not required.
>
> Anyway I will try and let you know.
>
> Best Regards.
>
> *From:* Tichov Zoltán <tichov.zol...@falconsoft.hu>
> *Sent:* Thursday 4 April 2024 11:34
> *To:* users@tomee.apache.org
> *Subject:* Re: JWT issue TomEE 9.1.2 micro-profile flavor
>
> Hi Francois!
>
> Try to generate the token with "alg" : "RSA256" and "type" : "JWT".
>
> Best regards:
> Zoltán
>
> On 2024. 04. 04. 11:18, COURTAULT Francois wrote:
>> Hello Victor,
>>
>> I use this library:
>>
>> <dependencies>
>>   <dependency>
>>     <groupId>org.bitbucket.b_c</groupId>
>>     <artifactId>jose4j</artifactId>
>>     <version>0.9.6</version>
>>   </dependency>
>> </dependencies>
>>
>> to create the JWT.
>>
>> Best Regards.
>>
>> -----Original Message-----
>> From: Tichov Zoltán <tichov.zol...@falconsoft.hu>
>> Sent: Thursday 4 April 2024 11:06
>> To: users@tomee.apache.org
>> Subject: Re: JWT issue TomEE 9.1.2 micro-profile flavor
>>
>> Hi Francois!
>>
>> How did you generate the token?
>>
>> Best regards
>>
>> On 2024. 04. 04. 10:38, COURTAULT Francois wrote:
>>> Hello everyone,
>>>
>>> I built a war with a class which extends Application and is annotated with @LoginConfig(authMethod = "MP-JWT"). I have created a signed JWT which is OK when I validated it (public key provided) using the jwt.io web site.
>>>
>>> I want to test this signed JWT with my war. In this one, under META-INF, I have created a microprofile-config.properties with the following entries:
>>>
>>> mp.jwt.verify.publickey=MIIBojANBgkqhkiG9w0BAQEFAAO... (the same public key that I have used to validate the signed JWT using the jwt.io web site)
>>> mp.jwt.verify.issuer=https://server.example.com
>>>
>>> Then I run a curl with -H "Authorization: Bearer eyJraWQiOiJhYmMtMTIzNDU2Nzg5MCIsImFsZyI6IlJTMzg0In0.ey ..." (the same signed JWT I used on the jwt.io web site). I got this:
>>>
>>> * at client side: ...HTTP Status 401 - Unauthorized ... Invalid or not parsable JWT
>>>
>>> * at server side:
>>>
>>> 04-Apr-2024 10:14:31.255 WARNING [http-nio-8080-exec-5] org.apache.tomee.microprofile.jwt.MPJWTFilter$ValidateJSonWebToken.parse JWT processing failed. Additional details: [[17] Unable to process JOSE object (cause: org.jose4j.lang.InvalidKeyException: The given key (key is null) is not valid for SHA384withRSA): JsonWebSignature{"kid":"abc-1234567890","alg":"RS384"}-> eyJraWQiOiJhYmMtMTIzNDU2Nzg5MCIsImFsZyI6IlJTMzg0In0.ey...
>>>
>>> What's wrong?
>>>
>>> Best Regards.
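As an added example (not code from this thread, from TomEE or from jose4j's own documentation), here is how the RS384 token discussed above can be built with jose4j 0.9.6 using the AlgorithmIdentifiers constant (the header value "RS384", never "RSA384"), with kid and typ set, and then verified locally with the same public key and issuer that go into microprofile-config.properties before the war is involved. The key pair, kid, subject and upn claim are constructed values; the PEM form printed is the "PKCS#8 PEM" format the MP-JWT spec lists for mp.jwt.verify.publickey.

```java
import org.jose4j.jwa.AlgorithmConstraints;
import org.jose4j.jwk.*;
import org.jose4j.jws.AlgorithmIdentifiers;
import org.jose4j.jws.JsonWebSignature;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.jwt.consumer.*;
import java.util.Base64;

public class Rs384TokenCheck {
    // Constructed values for this example; the thread's real key and kid are not reproduced.
    static final String ISSUER = "https://server.example.com";
    static final String KID = "example-kid";

    public static void main(String[] args) throws Exception {
        RsaJsonWebKey jwk = RsaJwkGenerator.generateJwk(2048); // constructed key pair
        jwk.setKeyId(KID);

        JwtClaims claims = new JwtClaims();
        claims.setIssuer(ISSUER);                        // must equal mp.jwt.verify.issuer
        claims.setSubject("alice");
        claims.setClaim("upn", "alice@example.com");     // MP-JWT principal name claim
        claims.setIssuedAtToNow();
        claims.setExpirationTimeMinutesInTheFuture(10);
        claims.setGeneratedJwtId();

        JsonWebSignature jws = new JsonWebSignature();
        jws.setPayload(claims.toJson());
        jws.setKey(jwk.getPrivateKey());
        jws.setKeyIdHeaderValue(KID);
        jws.setHeader("typ", "JWT");
        // JWA name is "RS384" (RFC 7518); "RSA384" is not a registered alg value.
        jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA384);
        String token = jws.getCompactSerialization();

        // Public key in PEM form for mp.jwt.verify.publickey (64-char lines, BEGIN/END markers).
        String pem = "-----BEGIN PUBLIC KEY-----\n" + Base64.getMimeEncoder(64, "\n".getBytes())
                .encodeToString(jwk.getPublicKey().getEncoded()) + "\n-----END PUBLIC KEY-----";
        System.out.println(pem);

        // Verify as the server should: pinned to RS384, issuer checked, exp required.
        JwtConsumer consumer = new JwtConsumerBuilder()
                .setVerificationKey(jwk.getPublicKey())
                .setExpectedIssuer(ISSUER)
                .setJwsAlgorithmConstraints(AlgorithmConstraints.ConstraintType.PERMIT,
                        AlgorithmIdentifiers.RSA_USING_SHA384)
                .setRequireExpirationTime()
                .build();
        JwtClaims verified = consumer.processToClaims(token); // throws InvalidJwtException on failure
        System.out.println("verified RS384 token for subject " + verified.getSubject());
    }
}
```

If processToClaims succeeds here with the printed PEM but the server still logs "key is null", the token itself is sound and the problem lies in how the key value is being loaded from the configuration.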