Tags: java, spring-boot, oauth-2.0, jwt, access-token

Validate OAuth2 JWT token in Spring Boot 2


I am facing trouble validating the access token that is generated by my auth server. I used the Java keytool to generate a JKS file and use it to sign the token, and I am trying to verify the token using the https://jwt.io/ site, but it is always giving "invalid signature".

Could someone point out what is the error here?

import java.security.KeyPair;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.ClassPathResource;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
import org.springframework.security.oauth2.provider.token.store.KeyStoreKeyFactory;

@Configuration
@EnableAuthorizationServer
public class AuthServerConfig extends AuthorizationServerConfigurerAdapter { // class name assumed; only the methods were posted

    @Autowired
    private AuthenticationManager authenticationManager;

    @Override
    public void configure(final AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        // Issue tokens as JWTs, signed with the private key loaded from the keystore
        endpoints.tokenStore(tokenStore()).authenticationManager(authenticationManager)
                .accessTokenConverter(defaultAccessTokenConverter());
    }

    @Bean
    public TokenStore tokenStore() {
        return new JwtTokenStore(defaultAccessTokenConverter());
    }

    @Bean
    public JwtAccessTokenConverter defaultAccessTokenConverter() {
        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        // The private key signs (RS256); the public key of the same pair verifies
        converter.setKeyPair(keyPair());
        return converter;
    }

    @Bean
    public KeyPair keyPair() {
        // Loads the key pair stored under alias "testk" in test.jks on the classpath
        ClassPathResource ksFile = new ClassPathResource("test.jks");
        KeyStoreKeyFactory ksFactory = new KeyStoreKeyFactory(ksFile, "k12345".toCharArray());
        return ksFactory.getKeyPair("testk");
    }
}

Token generated by the auth server

eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjI3NzgxNTUwODUsInVzZXJfbmFtZSI6InNhbWFuIiwiYXV0aG9yaXRpZXMiOlsiUk9MRV9VU0VSIl0sImp0aSI6IjM4YzkyMzJjLWFlYzAtNDcwNS1iM2Q3LTVlZTM5ZTc1YjhjMSIsImNsaWVudF9pZCI6InNhbWFuIiwic2NvcGUiOlsicmVhZCIsIndyaXRlIl19.H0zbOZSsZrrVNRb_U6WTd5vyL8x5egM7FUuzblhqshQMwQ8V_1ng7EQJwB88RuRfBHp0ndGsY2GxAxD6todJv4wv6-rNxn9cvWof6p_f2HdvANeeJi7TyURw4eQVy3jIBdSJIYr9aLnZ9MIg_WTVU8sdA_udQTXDC9dxZOKUiVUfnN3Xgn5rRtJTFbKZXvDD-3IJr5zOPWA7ZTcTrWuoDMqcY5abs4VH6YajxUiKjMFSynDxZOUCeQpbNteswJY2ujMBWbi2tp2YIUdARf4RhaFuoqY7tUeU2U0xh1LmVxbC7_2FIdLf5sjKdJHrC5uYm9byF3tQmfxTgMOjmosjDw

Retrieve Public key

import java.security.KeyPair;
import java.security.PublicKey;

import org.springframework.core.io.ClassPathResource;
import org.springframework.security.oauth2.provider.token.store.KeyStoreKeyFactory;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

import com.nimbusds.jose.util.Base64; // assumed from the encode(...).toJSONString() call below

@RestController
public class TestController {

    @GetMapping("/pub/pubkey2")
    public String keys3() {
        ClassPathResource ksFile = new ClassPathResource("test.jks");
        KeyStoreKeyFactory ksFactory = new KeyStoreKeyFactory(ksFile, "k12345".toCharArray());
        KeyPair keyPair = ksFactory.getKeyPair("testk");
        PublicKey pubKey = keyPair.getPublic();
        // Returns the DER-encoded (X.509 SubjectPublicKeyInfo) key as a quoted Base64 JSON string,
        // not the PEM text with BEGIN/END PUBLIC KEY lines that jwt.io's "Public Key" field expects
        String key = Base64.encode(pubKey.getEncoded()).toJSONString();
        return key;
    }
}

Trying to verify the token at jwt.io (screenshot not reproduced)

Solution

  • From the screenshot you shared, I unfortunately can't identify what the input string looks like that you pasted into the "Public Key" field at jwt.io. However, given the "TestController" code you posted, I assume you pasted a Base64-encoded version of your public RSA key. As far as I can read, jwt.io expects you to enter the key in plain text.

    Given that you use Spring Boot, I recommend you write a simple test to assert that signing and verifying your JWTs works as you expect it to. This approach will also help you with debugging your code / identifying your issue without having to use an external service like jwt.io.

    Sidenote: Before implementing your own version of some public key exchange endpoints and protocol, I suggest having a look at the JSON Web Key (JWK) specification (RFC 7517).
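A test of the kind the answer suggests, added here as an example; it is not code from the question or the answer. It assumes JUnit 5 and spring-security-oauth2's JwtAccessTokenConverter, generates a throwaway RSA pair in place of the keyPair() bean loaded from test.jks, and uses made-up class and method names:

```java
import static java.nio.charset.StandardCharsets.UTF_8;
import static org.junit.jupiter.api.Assertions.*;
import java.security.*;
import java.util.*;
import org.junit.jupiter.api.Test;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;
import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.OAuth2Request;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;

public class JwtSignVerifyTest {
    @Test
    void tokenSignedByConverterVerifiesAndTamperingIsDetected() throws Exception {
        // Fresh RSA pair stands in for the keyPair() bean backed by test.jks (constructed for this test)
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair keyPair = gen.generateKeyPair();
        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        converter.setKeyPair(keyPair);

        // Minimal authentication: client "saman", scope "read", user "saman" holding ROLE_USER
        OAuth2Request request = new OAuth2Request(null, "saman", null, true,
                Collections.singleton("read"), null, null, null, null);
        OAuth2Authentication auth = new OAuth2Authentication(request,
                new UsernamePasswordAuthenticationToken("saman", "n/a",
                        AuthorityUtils.createAuthorityList("ROLE_USER")));
        DefaultOAuth2AccessToken raw = new DefaultOAuth2AccessToken("ignored");
        raw.setExpiration(new Date(System.currentTimeMillis() + 60_000));
        String jwt = converter.enhance(raw, auth).getValue();

        // The converter's verifier checks the RS256 signature and exposes the claims
        assertEquals("saman", converter.decode(jwt).get("user_name"));

        // Re-encoding a modified payload under the original signature must be rejected
        String[] parts = jwt.split("\\.");
        String body = new String(Base64.getUrlDecoder().decode(parts[1]), UTF_8)
                .replace("ROLE_USER", "ROLE_OTHER");
        String forged = parts[0] + "." + Base64.getUrlEncoder().withoutPadding()
                .encodeToString(body.getBytes(UTF_8)) + "." + parts[2];
        assertThrows(InvalidTokenException.class, () -> converter.decode(forged));

        // The public key in the plain-text PEM form that jwt.io's "Public Key" field expects
        String pem = "-----BEGIN PUBLIC KEY-----\n" + Base64.getMimeEncoder(64, "\n".getBytes(UTF_8))
                .encodeToString(keyPair.getPublic().getEncoded()) + "\n-----END PUBLIC KEY-----";
        System.out.println(pem); // paste this block, not the bare Base64 string, into jwt.io
    }
}
```

Swapping the generated pair for the keystore-backed keyPair() bean turns this into a check of the exact key the auth server signs with.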