NimbusReactiveJwtDecoder : with oidcs | BadJOSEException: JOSE header "typ" (type) "at+jwt" not allowed

Issue #480 resolved
Deepak P R created an issue

Hi,

My OAuth2 OIDC provider uses the JWT token type "at+jwt".

The NimbusReactiveJwtDecoder is not supporting this type of token.

I am using spring-security-oauth2-jose-5.7.2 with Spring Cloud Gateway version 2021.0.0, Spring Security 5.6 resource server.

Is there a way to customise DefaultJOSEObjectTypeVerifier as provided below (reactive version of the decoder)?

https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/366/caused-by

Thanks and Regards

Deepak

Comments (2)

  1. Deepak P R reporter

    This can be achieved using the code below:

    // Accept only tokens whose JOSE "typ" header is "at+jwt"; any other typ, or a missing one, is rejected.
    NimbusReactiveJwtDecoder.withJwkSetUri(jwkuri)
            .jwtProcessorCustomizer(processor -> processor.setJWSTypeVerifier(
                    new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("at+jwt"))))
            .webClient(webClient())
            .jwsAlgorithm(SignatureAlgorithm.RS256)
            .build();
    

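To see what the `typ` policy in the comment above accepts and rejects, here is an added example (not code from this issue or from the Nimbus or Spring projects) that runs the same `DefaultJOSEObjectTypeVerifier` against locally signed tokens using only nimbus-jose-jwt classes. The class name `TypVerifierDemo`, the generated key, and the claims are constructed for illustration.

```java
import com.nimbusds.jose.*;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jose.jwk.gen.RSAKeyGenerator;
import com.nimbusds.jose.jwk.source.ImmutableJWKSet;
import com.nimbusds.jose.proc.*;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import com.nimbusds.jwt.proc.DefaultJWTProcessor;
import java.util.Date;

public class TypVerifierDemo {
    // Constructed throwaway key; a real resource server resolves keys from the provider's JWK set URI.
    static final RSAKey KEY = newKey();
    static RSAKey newKey() {
        try { return new RSAKeyGenerator(2048).keyID("demo-key").generate(); }
        catch (JOSEException e) { throw new IllegalStateException(e); }
    }

    // Sign a constructed token carrying the given "typ" header (null omits the header).
    static String token(JOSEObjectType typ) throws JOSEException {
        JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS256)
                .keyID(KEY.getKeyID()).type(typ).build();
        JWTClaimsSet claims = new JWTClaimsSet.Builder().subject("alice")
                .expirationTime(new Date(System.currentTimeMillis() + 60_000)).build();
        SignedJWT jwt = new SignedJWT(header, claims);
        jwt.sign(new RSASSASigner(KEY));
        return jwt.serialize();
    }
    // Returns "accepted" or the rejection reason for the token under the given typ policy.
    static String check(String token, JOSEObjectTypeVerifier<SecurityContext> typVerifier) throws Exception {
        DefaultJWTProcessor<SecurityContext> p = new DefaultJWTProcessor<>();
        p.setJWSKeySelector(new JWSVerificationKeySelector<SecurityContext>(JWSAlgorithm.RS256,
                new ImmutableJWKSet<SecurityContext>(new JWKSet(KEY.toPublicJWK()))));
        if (typVerifier != null) p.setJWSTypeVerifier(typVerifier); // null keeps the library default policy
        try { p.process(token, null); return "accepted"; }
        catch (BadJOSEException e) { return "rejected: " + e.getMessage(); }
    }

    public static void main(String[] args) throws Exception {
        JOSEObjectTypeVerifier<SecurityContext> atJwtOnly =
                new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("at+jwt"));
        System.out.println("at+jwt / default policy: " + check(token(new JOSEObjectType("at+jwt")), null));
        System.out.println("at+jwt / at+jwt only:    " + check(token(new JOSEObjectType("at+jwt")), atJwtOnly));
        System.out.println("JWT    / at+jwt only:    " + check(token(JOSEObjectType.JWT), atJwtOnly));
        System.out.println("no typ / at+jwt only:    " + check(token(null), atJwtOnly));
    }
}
```

The last two cases matter when deploying the customizer: once the verifier is restricted to `at+jwt`, tokens typed `JWT` or carrying no `typ` (for example ID tokens) no longer pass as access tokens.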