Spring Security: JWEHeader cannot be cast to class com.nimbusds.jose.JWSHeader

ubby3x7f  posted on 2023-04-06  in  Spring
Follow (0) | Answers (1) | Views (130)

I use auth0-angular to call getAccessTokenSilently() and send the access_token to the backend server as authorization: Bearer blablabla.
When I try to make a request with this header, my Spring Security configuration starts throwing an error.
The error I get:

Caused by: org.springframework.security.oauth2.jwt.JwtException: An error occurred while attempting to decode the Jwt: class com.nimbusds.jose.JWEHeader cannot be cast to class com.nimbusds.jose.JWSHeader (com.nimbusds.jose.JWEHeader and com.nimbusds.jose.JWSHeader are in unnamed module of loader 'app')

Security config:

import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.oauth2.jwt.ReactiveJwtDecoder;
import org.springframework.security.oauth2.jwt.ReactiveJwtDecoders;
import org.springframework.security.web.server.SecurityWebFilterChain;

@EnableWebFluxSecurity
@Configuration
public class SecurityConfig {

    // Auth0 tenant issuer, e.g. https://<tenant>.us.auth0.com/ (property name is this app's own)
    @Value("${spring.security.oauth2.resourceserver.jwk.issuer-uri}")
    private String issuerUri;

    @Bean
    public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http){
        http.authorizeExchange()
                .pathMatchers(HttpMethod.GET,"/inventory/**").authenticated()
                .anyExchange().authenticated()
                .and()
                // Resource server mode: every request must carry a bearer token that the
                // ReactiveJwtDecoder bean below can parse and validate as a signed JWT (JWS).
                .oauth2ResourceServer()
                .jwt();
        return http.build();
    }

    @Bean
    public ReactiveJwtDecoder jwtDecoder() {
        // Discovers the JWKS through {issuer}/.well-known/openid-configuration and validates
        // signature, issuer and expiry. It does not validate the audience, and it only
        // accepts compact JWS tokens, which is why an encrypted (JWE) or opaque token fails.
        return ReactiveJwtDecoders.fromOidcIssuerLocation(issuerUri);
    }
}

Is something wrong with my setup? I followed the Spring setup from https://auth0.com/blog/introduction-getting-started-with-spring-webflux-api/
Also, this is how I get the invalid access token from the auth0 SDK.

test() {
    this.auth.getAccessTokenSilently({
      authorizationParams: {
        // auth0-spa-js v2 spells this key redirect_uri; a camelCase key is passed through unrecognised
        redirect_uri: "http://localhost:4200",
        // /userinfo as audience: Auth0 issues an opaque token for this audience, not a JWS for an API
        audience: "https://dev-wwoccmoasz15dfgd.us.auth0.com/userinfo",
        scope: "openid profile"
      }
    })
    .subscribe(a => {
      console.log(a);
    });
  }

l7mqbcuq1#

Did you configure Angular to send the audience parameter? If not, the access token that comes back is not a JWT. You can copy/paste the access token into jwt.io to see whether it is valid. Here is what configuring the audience looks like.

const config = {
  domain: 'dev-06bzs1cu.us.auth0.com',
  clientId: 'y3RlJzTl68eZOQyGqA0yGiJla7fyaZ88',
  authorizationParams: {
    // API identifier registered in the Auth0 dashboard; with it Auth0 issues a JWS access token
    audience: 'https://dev-06bzs1cu.us.auth0.com/api/v2/',
    redirect_uri: window.location.origin + '/home'
  },
  httpInterceptor: {
    // Requests to these URLs get the Authorization: Bearer header attached automatically
    allowedList: ['http://localhost:8080/*']
  },
};
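The check the answer suggests doing on jwt.io can also be done offline. The following is an added example, not code from the question, the answer, Auth0 or Spring: a Node.js snippet that classifies an access token by its compact-serialization shape and JOSE header (three segments = JWS, five segments or an `enc` header = JWE, anything else = opaque) and, for a JWS, reads the `aud` claim and compares it with the API identifier. The tokens are constructed samples with placeholder signature/ciphertext segments; the audience and issuer URLs are taken from the answer's config. It does not verify the signature, so it is a diagnostic only, never a basis for an authorization decision.

```javascript
// Added example (not from the original post): offline version of the
// "paste it into jwt.io" check. Node >= 15.7 (for the 'base64url' encoding).

// Base64url-encode a JSON object as one compact-serialization segment.
function encodeSegment(obj) {
  return Buffer.from(JSON.stringify(obj)).toString('base64url');
}

// Decode one segment as JSON; throws if the bytes are not JSON.
function decodeSegment(segment) {
  return JSON.parse(Buffer.from(segment, 'base64url').toString('utf8'));
}

// Returns { kind: 'JWS' | 'JWE' | 'opaque', parseableAsJws, ... }.
// parseableAsJws mirrors what a JWS-only decoder such as Spring's Nimbus-based
// JwtDecoder needs: exactly three segments, the first a JSON header with "alg".
function inspectAccessToken(token, expectedAudience) {
  const parts = token.split('.');
  let header;
  try {
    header = decodeSegment(parts[0]);
  } catch {
    return { kind: 'opaque', parseableAsJws: false, reason: 'first segment is not base64url JSON' };
  }
  if (header === null || typeof header !== 'object' || typeof header.alg !== 'string') {
    return { kind: 'opaque', parseableAsJws: false, reason: 'header has no alg' };
  }
  // Five segments and an "enc" header mean an encrypted token (JWE). This is the shape
  // behind the "JWEHeader cannot be cast to JWSHeader" error in the question.
  if (parts.length === 5 || typeof header.enc === 'string') {
    return { kind: 'JWE', alg: header.alg, enc: header.enc, parseableAsJws: false,
             reason: 'encrypted token; a JWS-only decoder cannot read its claims' };
  }
  if (parts.length !== 3) {
    return { kind: 'opaque', parseableAsJws: false, reason: `unexpected segment count ${parts.length}` };
  }
  let payload;
  try {
    payload = decodeSegment(parts[1]);
  } catch {
    return { kind: 'opaque', parseableAsJws: false, reason: 'payload is not base64url JSON' };
  }
  const aud = [].concat(payload.aud ?? []);   // aud may be a string or an array
  return {
    kind: 'JWS',
    alg: header.alg,
    iss: payload.iss,
    aud,
    audienceMatches: aud.includes(expectedAudience),
    parseableAsJws: true,
  };
}

// Constructed samples (not real Auth0 tokens). Signature, IV, ciphertext and tag
// segments are placeholders; the audience and issuer are from the answer's config.
const API_AUDIENCE = 'https://dev-06bzs1cu.us.auth0.com/api/v2/';
const ISSUER = 'https://dev-06bzs1cu.us.auth0.com/';

const sampleJws = [
  encodeSegment({ alg: 'RS256', typ: 'JWT', kid: 'constructed-kid' }),
  encodeSegment({ iss: ISSUER, sub: 'auth0|constructed',
                  aud: [API_AUDIENCE, ISSUER + 'userinfo'], scope: 'openid profile' }),
  'placeholder-signature',
].join('.');

const sampleJwe = [
  encodeSegment({ alg: 'dir', enc: 'A256GCM', iss: ISSUER }),
  '',                        // encrypted-key segment is empty for alg "dir"
  'placeholder-iv',
  'placeholder-ciphertext',
  'placeholder-tag',
].join('.');

const sampleOpaque = 'x7Qk3pL9zRtM';

for (const [name, token] of [['jws', sampleJws], ['jwe', sampleJwe], ['opaque', sampleOpaque]]) {
  console.log(name, inspectAccessToken(token, API_AUDIENCE));
}
```

Run it against a real token copied from the browser's network tab during local debugging only; access tokens are bearer credentials and should not be pasted into logs or third-party sites in production. Note that a JWS for the right audience still has to pass signature, issuer and expiry checks on the Spring side, and that `ReactiveJwtDecoders.fromOidcIssuerLocation` does not check `aud` by default, so the resource server should add its own audience validator once the token is a JWT.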
