This repository has been archived by the owner on Apr 5, 2022. It is now read-only.
spring.oauth2.resource.jwt.keyUri does not retrieve key from a protected endpoint #59
Comments
william-tran
pushed a commit
to william-tran/spring-cloud-security
that referenced
this issue
Apr 21, 2015
william-tran
pushed a commit
to william-tran/spring-cloud-security
that referenced
this issue
Apr 21, 2015
jannikweichert
pushed a commit
to jannikweichert/spring-cloud-security
that referenced
this issue
Aug 4, 2017
The client id and secret are used if available (per the default implementation of the UAA and any Spring OAuth server). Fixes spring-atticgh-59, fixes spring-atticgh-60.
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
When configuring
spring.oauth2.resource.jwt.keyUri, if the endpoint is unprotected (eg if the key is a public key) the application will retrieve the key. If the endpoint is protected (eg if the key is a symmetric key) the RestTemplate [1] will throw an HttpClientErrorException: 401 Unauthorized and the application will not start up.We could catch the 401 and try again with the credentials in the ResourceServerProperties, or just use those credentials on the first request.
[1] https://github.com/spring-cloud/spring-cloud-security/blob/f31cb05807bf53355cb22219bc7f5d7300542aea/src/main/java/org/springframework/cloud/security/oauth2/resource/ResourceServerTokenServicesConfiguration.java#L267-L268
The text was updated successfully, but these errors were encountered: