
Spring Cloud Gateway Azure User token verification


For my backend of a few microservices I have an API gateway (Spring Cloud Gateway) where I want to verify that the Azure token the user sends from the frontend is valid before routing to a microservice. So far I get only a 401 response whether I add a valid token or not.

My security config class:

import static org.springframework.security.config.Customizer.withDefaults;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.server.SecurityWebFilterChain;

@Configuration
@EnableWebFluxSecurity
public class SecurityConfiguration {

    @Bean
    public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
        http.csrf().disable()
                // every routed request must carry a valid bearer token
                .authorizeExchange(exchanges -> exchanges
                        .anyExchange().authenticated()
                )
                // validate the token as a JWT using the issuer configured in application.properties
                .oauth2ResourceServer(oauth2 -> oauth2
                        .jwt(withDefaults())
                );

        return http.build();
    }

}

application.properties

spring.security.oauth2.resourceserver.jwt.issuer-uri=https://login.microsoftonline.com/{tenant_id}/v2.0

pom.xml

    <dependency>
        <groupId>com.azure.spring</groupId>
        <artifactId>spring-cloud-azure-starter-active-directory-b2c</artifactId>
    </dependency>

Somehow I cannot find any help for the scenario where I already have an access token and only want to validate it on the gateway before passing it to the services.


Solution

  • If the login / authentication is through Azure Active Directory, please check to add the following com.azure.spring : spring-cloud-azure-starter-active-directory Maven dependency to the pom.xml file.

    <dependency>
        <groupId>com.azure.spring</groupId>
        <artifactId>spring-cloud-azure-starter-active-directory</artifactId>
        <version>4.3.0</version>
    </dependency>
    
  • Also please make sure that, if the issuer in the decoded token is the v2 endpoint, accessTokenAcceptedVersion is set to 2; otherwise it should be set to 0 or 1.

    Also give it some time, and please check that the decoded token has an audience equal to the clientId or App ID URI of the application, and that the scopes have been granted admin consent.

    Also please check this SO reference.
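The answer's two checks (the token's issuer version and its audience) can be enforced explicitly in the gateway rather than relying on the defaults. The configuration below is an added example, not code from the asker or the answerer: it wires a reactive JWT decoder that resolves the signing keys from the issuer's OpenID metadata, validates the `iss` claim against the configured v2 issuer URI, and rejects any token whose `aud` does not contain the gateway's own client id or App ID URI. The property name `gateway.accepted-audience` and the health-check path are assumptions for illustration; the Spring Security 5.x reactive API calls are the real ones.

```java
// Added example (not the asker's or answerer's code): a reactive resource-server
// configuration for Spring Cloud Gateway that checks an Azure AD v2 access
// token's signature, issuer and audience before the request is routed.
// Assumes Spring Security 5.x reactive APIs; property names are placeholders.
package com.example.gateway;

import java.util.List;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2TokenValidatorResult;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtValidators;
import org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder;
import org.springframework.security.oauth2.jwt.ReactiveJwtDecoder;
import org.springframework.security.oauth2.jwt.ReactiveJwtDecoders;
import org.springframework.security.web.server.SecurityWebFilterChain;

@Configuration
@EnableWebFluxSecurity
public class GatewayTokenValidationConfig {

    // e.g. https://login.microsoftonline.com/{tenant_id}/v2.0 (from application.properties)
    @Value("${spring.security.oauth2.resourceserver.jwt.issuer-uri}")
    private String issuerUri;

    // Assumed property: the gateway's application (client) id or App ID URI,
    // i.e. the value the token's "aud" claim must contain.
    @Value("${gateway.accepted-audience}")
    private String acceptedAudience;

    @Bean
    public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
        http.csrf().disable()
            .authorizeExchange(exchanges -> exchanges
                // assumed unauthenticated health endpoint; everything else needs a token
                .pathMatchers("/actuator/health").permitAll()
                .anyExchange().authenticated())
            .oauth2ResourceServer(oauth2 -> oauth2
                .jwt(jwt -> jwt.jwtDecoder(jwtDecoder())));
        return http.build();
    }

    @Bean
    public ReactiveJwtDecoder jwtDecoder() {
        // Discovers jwks_uri from the issuer's OpenID configuration; the decoder
        // verifies the signature and the exp/nbf timestamps by default.
        NimbusReactiveJwtDecoder decoder =
            (NimbusReactiveJwtDecoder) ReactiveJwtDecoders.fromIssuerLocation(issuerUri);

        // Default validators plus a strict issuer match: a v1.0 token whose iss
        // is https://sts.windows.net/{tenant}/ fails here, which is the 401 the
        // answer attributes to accessTokenAcceptedVersion.
        OAuth2TokenValidator<Jwt> withIssuer = JwtValidators.createDefaultWithIssuer(issuerUri);
        OAuth2TokenValidator<Jwt> withAudience = new AudienceValidator(acceptedAudience);
        decoder.setJwtValidator(new DelegatingOAuth2TokenValidator<>(withIssuer, withAudience));
        return decoder;
    }

    // Rejects tokens issued for a different application (wrong "aud").
    static final class AudienceValidator implements OAuth2TokenValidator<Jwt> {
        private final String audience;

        AudienceValidator(String audience) {
            this.audience = audience;
        }

        @Override
        public OAuth2TokenValidatorResult validate(Jwt jwt) {
            List<String> aud = jwt.getAudience();
            if (aud != null && aud.contains(audience)) {
                return OAuth2TokenValidatorResult.success();
            }
            return OAuth2TokenValidatorResult.failure(
                new OAuth2Error("invalid_token", "The required audience is missing", null));
        }
    }
}
```

With this in place, a 401 on a token that looks valid can be narrowed down by decoding it and comparing `iss` with the configured issuer-uri and `aud` with `gateway.accepted-audience`; enabling DEBUG logging for `org.springframework.security` shows which validator rejected the token.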