jwt jhipster jhipster-registry

Invalid JWT signature after upgrading jhipster


I built two microservice applications with jhipster (4.14.5); today I updated both to 5.1.0, with the latest jhipster-registry Docker image (4.0.0).

Everything works as expected, but the API calls with a JWT signature don't work anymore.

MyRequestInterceptor

    @Override
    public void apply(RequestTemplate requestTemplate) {
        String secret= Jwts.builder()
            .setSubject("admin")
            .claim("auth", AuthoritiesConstants.ADMIN)
            .signWith(SignatureAlgorithm.HS512, properties.getSecurity().getAuthentication().getJwt().getSecret())
            .compact();
        requestTemplate.header(JWTConfigurer.AUTHORIZATION_HEADER, "Bearer " + secret);
    }

What is new in jhipster 5.1.0 with JWT? Should I change the signature algorithm, or how do I fix this?


Solution

  • Yes, we changed the way the secret key is handled, have a look at the source code here.

    The difference is that now the JWT secret key is encoded in Base64 (that's why we create the encoder here).

    This is originally my fault: the .signWith() method from JJWT accepts a String, so I was just giving the secret key (which is a String). But if you look at the documentation of the method, you'll notice that this String should be encoded in Base64. So now you have to use the encoded version of the secret key everywhere. It doesn't change anything in the end, in fact, but it's just to use the API correctly.
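
The key mismatch described in the answer, as an added example that is not code from the post or from JHipster. It uses only the JDK instead of JJWT, and the class name, secret and claim values are constructed for illustration; the caller key models the answer's statement that `.signWith()` expects its String argument to be Base64.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

public class Hs512KeyMismatchDemo {
    static final Base64.Encoder URL = Base64.getUrlEncoder().withoutPadding();

    // Minimal HS512 JWT: base64url(header).base64url(payload).base64url(HMAC)
    static String sign(String payloadJson, byte[] key) throws Exception {
        String header = "{\"alg\":\"HS512\",\"typ\":\"JWT\"}";
        String signingInput = URL.encodeToString(header.getBytes(StandardCharsets.UTF_8))
            + "." + URL.encodeToString(payloadJson.getBytes(StandardCharsets.UTF_8));
        return signingInput + "." + URL.encodeToString(hmac(signingInput, key));
    }

    // Recompute the HMAC over header.payload and compare with the token's signature.
    static boolean verify(String token, byte[] key) throws Exception {
        int dot = token.lastIndexOf('.');
        byte[] expected = hmac(token.substring(0, dot), key);
        byte[] actual = Base64.getUrlDecoder().decode(token.substring(dot + 1));
        return MessageDigest.isEqual(expected, actual); // constant-time comparison
    }

    static byte[] hmac(String data, byte[] key) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA512");
        mac.init(new SecretKeySpec(key, "HmacSHA512"));
        return mac.doFinal(data.getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) throws Exception {
        String secret = "changeMeSharedSecret0123"; // constructed sample value
        // Caller as in the question: the configured String is treated as Base64 and decoded.
        byte[] callerKey = Base64.getDecoder().decode(secret);
        // Receiver after the upgrade: the secret is Base64-encoded first, so decoding
        // yields the secret's own UTF-8 bytes as the HMAC key.
        String encoded = Base64.getEncoder().encodeToString(secret.getBytes(StandardCharsets.UTF_8));
        byte[] receiverKey = Base64.getDecoder().decode(encoded);

        String payload = "{\"sub\":\"admin\",\"auth\":\"ROLE_ADMIN\"}"; // constructed claims
        System.out.println("raw-secret caller accepted:     " + verify(sign(payload, callerKey), receiverKey));
        System.out.println("encoded-secret caller accepted: " + verify(sign(payload, receiverKey), receiverKey));
    }
}
```

The two callers start from the same configured string but derive different HMAC key bytes, which is why only the caller that uses the encoded secret produces a signature the receiver accepts.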