Signed JWT rejected: Another algorithm expected, or no matching key(s) found
Using Spring Boot OAuth Resource Server starter project, Version - 2.4.4.
I'm receiving the below exception, I couldn't find much problem in code as it worked fine in our preprod env
but not working in prod environment
Observation so far,
I have checked , and want to confirm if kid received from jwk uri and kid received from token is different , then Is it possible for this exception ? Note , kid is same for token and jwk uri in pre-prod env.
from jwk uri -
from jwt header -
Looked into this code , for key id checking snippet , line no- 253 .. but i couldn't understand further into it.
com.nimbusds.jose.proc.BadJOSEException: Signed JWT rejected: Another algorithm expected, or no matching key(s) found
at com.nimbusds.jwt.proc.DefaultJWTProcessor.process(DefaultJWTProcessor.java:384) ~[nimbus-jose-jwt-8.20.2.jar:8.20.2]
at com.nimbusds.jwt.proc.DefaultJWTProcessor.process(DefaultJWTProcessor.java:330) ~[nimbus-jose-jwt-8.20.2.jar:8.20.2]
at org.springframework.security.oauth2.jwt.NimbusJwtDecoder.createJwt(NimbusJwtDecoder.java:153) ~[spring-security-oauth2-jose-5.4.5.jar:5.4.5]
This exception is expected if the kid from your token and the kid from the JWKS endpoint do not match.
Double-check your configuration, it's possible you have a client attempting to use a token from a different issuer (may from your pre-prod).
The JWT should contain an iss field in the body that should help you track down the problem.
- How to increase the maximum length of SpEL expressions in spring boot 3.3.0?
- Need to Read a file from SFTP endpoint with Proxy enabled in apache camel
- CORS with spring-boot and angularjs not working
- Default logging file for spring boot application
- Wiremock dependency not importing classes
- Intermittent Connection Timeout Issues in Java 21/Spring Boot 3.1.6 Application with Multiple API Consumption
- How to persist data in H2 database
- is using DTOs in every case always a good practice?
- How to add custom ApplicationContextInitializer to a spring boot application?
- Patch Request in Java Spring Boot nulls ManyToOne
- Keycloak + SPA as client (Vue) + Spring Cloud Gateway as resource server + Spring Boot Microservices
- How do i access a deployed service's exposed port
- How do I make the update query executed by JdbcPollingChannelAdapter transactional?
- How to configure a TransactionInterceptor equivalent to the @Transactional annotation for use with PollerMetadata advice
- Spring Security - Multiple OAuth2 Identity providers (github and google) work with only one Bean with @Prirmary?
- Use Keycloak Spring Adapter with Spring Boot 3
- Application version does not show up in Spring Boot banner.txt
- how can I access system properties using spring boot and Liquibase changeset yaml file
- package org.springframework.boot does not exist
- How to specify prefix for all controllers in Spring Boot?
- Downloading File from Spring into Angular Gives undefied result
- is there any way to write test cases for repositories in spring boot without using H2 daatabase?
- Why my tomcat do not open when i run spring boot project?
- Spring Data JDBC Firebird dialect not recognized
- Spring Security issue with JWT: Cannot subclass final class JwtAuthenticationProvider
- Why spring boot generates jar or war file with .original extension?
- bean of type 'org.springframework.security.crypto.password.PasswordEncoder' that could not be found
- Eureka client in docker not connecting with Eureka server
- Why do I get a "io.jsonwebtoken.ExpiredJwtException"?
- Null exception @Service in a spring @RestController using constructor injection