THALES GROUP LIMITED DISTRIBUTION to email recipients Hello everyone,
I built a war with a class which extends Application and annotated with @LoginConfig(authMethod = "MP-JWT") I have created a signed JWT which is OK when I validated it (public key provided) using jwt.io web site I want to test this signed JWT with my war. In this one, under META-INF, I have created a microprofile-config.properties with the following entries mp.jwt.verify.publickey=MIIBojANBgkqhkiG9w0BAQEFAAO... (the same public key that I have used to validate the signed JWT using jwt.io web site) mp.jwt.verify.issuer=https://server.example.com Then I run a curl with -H "Authorization: Bearer eyJraWQiOiJhYmMtMTIzNDU2Nzg5MCIsImFsZyI6IlJTMzg0In0.ey ..." (the same signed JWT I used on jwt.io web site) I got this: * at client side: ...HTTP Status 401 - Unauthorized ... Invalid or not parsable JWT * at server side: 04-Apr-2024 10:14:31.255 WARNING [http-nio-8080-exec-5] org.apache.tomee.microprofile.jwt.MPJWTFilter$ValidateJSonWebToken.parse JWT processing failed. Additional details: [[17] Unable to process JOSE object (cause: org.jose4j.lang.InvalidKeyException: The given key (key is null) is not valid for SHA384withRSA): JsonWebSignature{"kid":"abc-1234567890","alg":"RS384"}-> eyJraWQiOiJhYmMtMTIzNDU2Nzg5MCIsImFsZyI6IlJTMzg0In0.ey... What's wrong ? Best Regards.
