I followed the following guide to setup a JHipster generated Gateway with Amazon Cognito: https://blog.ippon.tech/aws-cognito-and-jhipster-for-the-love-of-oauth-2-0/
I got the gateway working great and I'm able to log in to the admin module using Cognito; however, I am not able to invoke any of the microservices. Any attempt is met with the following error:
java.lang.NullPointerException: null
    at com.test.security.oauth2.AudienceValidator.validate(AudienceValidator.java:26)
    at com.test.security.oauth2.AudienceValidator.validate(AudienceValidator.java:13)
    at org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator.validate(DelegatingOAuth2TokenValidator.java:67)
    at org.springframework.security.oauth2.jwt.NimbusJwtDecoder.validateJwt(NimbusJwtDecoder.java:165)
    at org.springframework.security.oauth2.jwt.NimbusJwtDecoder.decode(NimbusJwtDecoder.java:126)
    at org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationProvider.authenticate(
Debugging shows that the audience variable is null in the following code:
// Generated JHipster validator (com.test.security.oauth2.AudienceValidator)
public OAuth2TokenValidatorResult validate(Jwt jwt) {
    // Jwt.getAudience() returns null when the token carries no "aud" claim
    List<String> audience = jwt.getAudience();
    // The NullPointerException (AudienceValidator.java:26 in the trace) is thrown here when audience is null
    if (audience.stream().anyMatch(allowedAudience::contains)) {
        return OAuth2TokenValidatorResult.success();
    } else {
        log.warn("Invalid audience: {}", audience);
        return OAuth2TokenValidatorResult.failure(error);
    }
}
I've configured the microservice's application.xml with the following:
security:
  oauth2:
    client:
      provider:
        oidc:
          issuer-uri: https://cognito-idp.us-east-1.amazonaws.com/[secret]
      registration:
        oidc:
          client-id: [secret]
          client-secret: [secret]
Has anyone been able to successfully run a JHipster generated microservices platform with Amazon Cognito? Any help would be greatly appreciated.
AWS Cognito doesn't include the audience in the access token, so the validate methods must be updated.
More details can be found here: https://github.com/Falydoor/cognito-jhipster/issues/1#issuecomment-594753033
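A null-safe version of the validator, added here as an illustration; it is not code from the question, from the linked issue, or from JHipster itself. It relies on the documented Cognito behaviour that an access token carries the app client id in a client_id claim rather than an aud claim (ID tokens do carry aud), and on Spring Security's Jwt.getAudience() returning null when aud is absent. The constructor signature, the OAuth2Error text, the Jwt.Builder demo (Spring Security 5.2 or later) and the token values are assumptions made for the example.

```java
import java.util.Collections;
import java.util.List;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2TokenValidatorResult;
import org.springframework.security.oauth2.jwt.Jwt;

/**
 * Audience validator that tolerates Cognito access tokens.
 *
 * Cognito ID tokens carry the app client id in "aud"; Cognito access tokens
 * omit "aud" and carry it in "client_id" instead. Spring's Jwt.getAudience()
 * returns null when "aud" is absent, which is the NullPointerException seen
 * in the question. This class is an added example, not the generated code.
 */
public class AudienceValidator implements OAuth2TokenValidator<Jwt> {

    private static final Logger log = LoggerFactory.getLogger(AudienceValidator.class);

    // Error text is an assumption for the example
    private final OAuth2Error error =
        new OAuth2Error("invalid_token", "The required audience is missing", null);

    private final List<String> allowedAudience;

    public AudienceValidator(List<String> allowedAudience) {
        this.allowedAudience = allowedAudience;
    }

    @Override
    public OAuth2TokenValidatorResult validate(Jwt jwt) {
        List<String> audience = effectiveAudience(jwt);
        if (audience.stream().anyMatch(allowedAudience::contains)) {
            return OAuth2TokenValidatorResult.success();
        }
        // Fail closed: a token with neither "aud" nor "client_id", or with an
        // unexpected value, is rejected as invalid instead of crashing with a
        // NullPointerException that surfaces as a 500.
        log.warn("Invalid audience: {}", audience);
        return OAuth2TokenValidatorResult.failure(error);
    }

    /** Returns "aud" when present, otherwise "client_id", otherwise an empty list. */
    static List<String> effectiveAudience(Jwt jwt) {
        List<String> audience = jwt.getAudience();
        if (audience != null && !audience.isEmpty()) {
            return audience;
        }
        String clientId = jwt.getClaimAsString("client_id");
        return clientId == null ? Collections.emptyList() : Collections.singletonList(clientId);
    }

    /** Stand-alone demo with constructed tokens (Jwt.Builder needs Spring Security 5.2+). */
    public static void main(String[] args) {
        AudienceValidator validator =
            new AudienceValidator(Collections.singletonList("example-client-id"));

        // Constructed stand-in for a Cognito access token: "client_id" but no "aud".
        Jwt accessToken = Jwt.withTokenValue("constructed-access-token")
            .header("alg", "RS256")
            .claim("client_id", "example-client-id")
            .claim("token_use", "access")
            .build();

        // Constructed stand-in for a Cognito ID token: "aud" present.
        Jwt idToken = Jwt.withTokenValue("constructed-id-token")
            .header("alg", "RS256")
            .audience(Collections.singletonList("example-client-id"))
            .claim("token_use", "id")
            .build();

        // Constructed token with neither claim: must be rejected, not crash.
        Jwt strayToken = Jwt.withTokenValue("constructed-stray-token")
            .header("alg", "RS256")
            .claim("token_use", "access")
            .build();

        System.out.println("access token accepted: " + !validator.validate(accessToken).hasErrors());
        System.out.println("id token accepted:     " + !validator.validate(idToken).hasErrors());
        System.out.println("stray token accepted:  " + !validator.validate(strayToken).hasErrors());
    }
}
```

The validator is wired into the resource server's JwtDecoder the same way the generated code is (the DelegatingOAuth2TokenValidator visible in the stack trace), so only this class changes. The fallback is deliberately narrow: it consults client_id only when aud is absent, still compares against the configured allowed audience, and treats a token with neither claim as invalid rather than skipping the audience check.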