Spring [Boot] Security and Oracle IDCS: [invalid_id_token] An error occurred while attempting to decode the Jwt: Malformed Jwk set

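Problem description

After fetching the signing key from the JWK Set URI, Spring Security gives me "[invalid_id_token] An error occurred while attempting to decode the Jwt: Malformed Jwk set". The signing key is shown below. I am using Spring Security 5.3.3.RELEASE.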

{
    "keys":[
        {
            "x5t#S256":"_wJqnmEgaue0Hrr5C6WXbQKomIOcacggUeRlnGP0LBA",
            "x5t":"v1UrKX9lqCSfldbxprXRM7BoT9o",
            "key_ops":[
                "verify",
                "encrypt"
            ],
            "e":"AQAB",
            "kty":"RSA",
            "x5c":[
                "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",
                "MIIDdDCCAlygAwIBAgIGAWUDujAHMA0GCSqGSIb3DQEBCwUAMFcxEzARBgoJkiaJk/IsZAEZFgNjb20xFjAUBgoJkiaJk/IsZAEZFgZvcmFjbGUxFTATBgoJkiaJk/IsZAEZFgVjbG91ZDERMA8GA1UEAxMIQ2xvdWQ5Q0EwHhcNMTcwNTI0MDIwODU0WhcNMzcwNTI0MDIwODU0WjBXMRMwEQYKCZImiZPyLGQBGRYDY29tMRYwFAYKCZImiZPyLGQBGRYGb3JhY2xlMRUwEwYKCZImiZPyLGQBGRYFY2xvdWQxETAPBgNVBAMTCENsb3VkOUNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArQoqftMLyDAj9Yv/uiGLtJ7PJDzk8xs2dwDxyjnuUbnEk4iDjtY2KLNH52Gi7AUtOKPYr5DPYVHBMT7C3C+4A8qoCvTmay+vdc/xLdUUlnWlvgXECaQWnfPhw8rSjqDxC3CzXohIkDFQZ6Ig0JQz2uXDW7FDySMfBGMK0uVbftwXLha8R4g+MW9YH1yAn5a535Xt+on7UO4/i/qtr8b14+eckE3WvNtZKOwTfO3wTnli/IrauKfLJPOsIGnYy4lohr8k1iuJuroNh1bAY2ZJidoo2zz/pTRRBYGJ00Q+NwrnSUVpHk2qV0N9e6KX9v5jL98SdNjRjoQQ8CQGokNRvwIDAQABo0YwRDASBgNVHRMBAf8ECDAGAQH/AgEAMA8GA1UdDwEB/wQFAwMHxAAwHQYDVR0OBBYEFGz5t22twXpL2FbHOOPaGdnLFLpFMA0GCSqGSIb3DQEBCwUAA4IBAQCL1BuOGgpaT0W+Crxo0hVP26VIFdu1n3ykTSK3e7FSHe94m+3RDSPtCy3H8eYAOcZ2dtkcHBmnh2r76eBZb3tFeboqClaYpueYXpQnX5CIsVGqfbuWpyjkcDViP6lIqTGJMv9gzcz/XOi5jbocrj3Hp3WUke+PZeRRdRRjE6xCKFr2Bs8oXjC5XyNfRQWjedFOL8BRIaIkmCwrBkqHtP6ePAxMtjb6UFdRo0H0OFy8GQrBMVZpfnPAgponq9VicRPiKECLZ1cQV8PNrrwIcLHc+FnhFEY+nr0dMR9BDfdV0qjX9WwyveqW0j30FVOi3yVKZNwdSEUTfmCsvhScX99Y"
            ],
            "alg":"RS256",
            "n":"6JcGWtVqYf7JPvt6XGKV3wPBfFDCDkBCIbxgj1XrPeFRJzdZqozLCro4EpmL9ccAKugpG5AHDFLhPAn0Uqu4p1MMXKvoaJ6q6_rXjXK95qFam8eKFb5y2GeoqJbzhCoEi8Vj8VUhLt-jQiZJJPpG75TWWo_2OXv93JA1LEHQ0lGQoZ76RHaHvbjkkNOtc8g0VVsvo3m5MB9_k8n55MTGxzgtxX6z6qIyQx_fpJL2AoVd-T8wLo3OyI6DkVRaGZsXrB_IrZ0XWigb7ztHxJvaqzCmxkay-LvyHCJqoy5nIXSA-dU2FrBuWA4XzIR6cLY-amH6GZ83u2_kWqYWE8dlYw",
            "kid":"SIGNING_KEY"
        }
    ]
}

Stack trace

org.springframework.security.oauth2.core.OAuth2AuthenticationException: [invalid_id_token] An error occurred while attempting to decode the Jwt: Malformed Jwk set
    at org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeAuthenticationProvider.createOidcToken(OidcAuthorizationCodeAuthenticationProvider.java:226) ~[spring-security-oauth2-client-5.3.3.RELEASE.jar:5.3.3.RELEASE]
    at org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeAuthenticationProvider.authenticate(OidcAuthorizationCodeAuthenticationProvider.java:155) ~[spring-security-oauth2-client-5.3.3.RELEASE.jar:5.3.3.RELEASE]
    at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:199) ~[spring-security-core-5.3.3.RELEASE.jar:5.3.3.RELEASE]
    at org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter.attemptAuthentication(OAuth2LoginAuthenticationFilter.java:185) ~[spring-security-oauth2-client-5.3.3.RELEASE.jar:5.3.3.RELEASE]
    at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212) ~[spring-security-web-5.3.3.RELEASE.jar:5.3.3.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.3.3.RELEASE.jar:5.3.3.RELEASE]
    at org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter.doFilterInternal(OAuth2AuthorizationRequestRedirectFilter.java:160) [spring-security-oauth2-client-5.3.3.RELEASE.jar:5.3.3.RELEASE]
Caused by: org.springframework.security.oauth2.jwt.JwtException: An error occurred while attempting to decode the Jwt: Malformed Jwk set
    at org.springframework.security.oauth2.jwt.NimbusJwtDecoder.createJwt(NimbusJwtDecoder.java:152) ~[spring-security-oauth2-jose-5.3.3.RELEASE.jar:5.3.3.RELEASE]
    at org.springframework.security.oauth2.jwt.NimbusJwtDecoder.decode(NimbusJwtDecoder.java:126) ~[spring-security-oauth2-jose-5.3.3.RELEASE.jar:5.3.3.RELEASE]
    at org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeAuthenticationProvider.createOidcToken(OidcAuthorizationCodeAuthenticationProvider.java:223) ~[spring-security-oauth2-client-5.3.3.RELEASE.jar:5.3.3.RELEASE]
    ... 48 common frames omitted

How can I resolve this?

Tags: spring, spring-boot, spring-security, spring-security-oauth2, oracle-cloud-infrastructure

Solution


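More information is needed to help you best, but a JWT is decoded (by anyone) and its signature is verified (using the signing key). Your error indicates that the problem is with decoding (not signature verification), which means the signing key has nothing to do with it. The error says that the ID token obtained is not a JWT (hence the error in decoding). To be able to help further, we need to know how the ID token was obtained.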
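
Added example, not part of the original question or answer: a structural check of the two inputs this thread discusses, so the ID token and the JWK Set response can each be ruled in or out before debugging further. It applies only the RFC 7515 / RFC 7517 encoding rules and does not reproduce Nimbus's parser; the function names and sample values are assumptions constructed for illustration.

```python
import base64, json, re
B64URL = re.compile(r"[A-Za-z0-9_-]+\Z")  # unpadded base64url alphabet (RFC 7515)

def b64url_json(seg):
    """Decode one JWT segment to a Python value; ValueError if malformed."""
    if not B64URL.match(seg):
        raise ValueError("not unpadded base64url")
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))

def check_id_token(token):
    """Return structural reasons why `token` is not a compact signed JWT."""
    parts = token.split(".")
    if len(parts) != 3:
        return ["expected 3 dot-separated segments, found %d" % len(parts)]
    problems = []
    for name, seg in zip(("header", "payload"), parts):
        try:
            if not isinstance(b64url_json(seg), dict):
                problems.append(name + " is not a JSON object")
        except ValueError:  # bad base64url, bad UTF-8 or bad JSON
            problems.append(name + " is not base64url-encoded JSON")
    return problems

def check_jwk_set(text):
    """Return structural problems in a JWK Set document (RFC 7517)."""
    try:
        doc = json.loads(text)
    except ValueError:
        return ["response body is not JSON"]
    if not isinstance(doc, dict) or not isinstance(doc.get("keys"), list):
        return ['top level must be an object with a "keys" array']
    problems = []
    for i, jwk in enumerate(doc["keys"]):
        if not isinstance(jwk, dict) or not isinstance(jwk.get("kty"), str):
            problems.append("keys[%d]: missing kty" % i)
            continue
        for m in ("n", "e") if jwk["kty"] == "RSA" else ():
            if not (isinstance(jwk.get(m), str) and B64URL.match(jwk[m])):
                problems.append("keys[%d]: %s is not base64url" % (i, m))
        x5c = jwk.get("x5c", [])
        for j, cert in enumerate(x5c if isinstance(x5c, list) else [x5c]):
            try:  # x5c entries are standard base64 of DER, not base64url
                if base64.b64decode(cert, validate=True)[:1] != b"\x30":
                    raise ValueError("not a DER SEQUENCE")
            except (ValueError, TypeError):
                problems.append("keys[%d]: x5c[%d] is not base64 DER" % (i, j))
    return problems

SAMPLE_TOKEN = "<html>Sign in</html>"  # constructed input: an HTML page, not a JWT
SAMPLE_JWKS = '{"keys":[{"kty":"RSA","n":"6JcG","e":"AQAB","x5c":["MII_"]}]}'  # constructed
```

Pass the raw ID token and the raw body returned by the JWK Set URI to the two functions. An empty list means the input passes these structural checks, not that the signature is valid.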

