okta / okta-jwt-verifier-java

https://github.com/okta/okta-jwt-verifier-java

token invalid on back-end after successful login on front-end SPA #38

Closed DimaSol closed 5 years ago

DimaSol commented 5 years ago

Hi, I've been following the quick start guide https://developer.okta.com/quickstart/#/angular/java/spring but keep getting an invalid token exception from Spring. I've double checked that all parameters are as described in the guide; the Angular widget is working properly and getting an access token, but when this access token is sent to the back-end as an "Authorization: 'Bearer ' + token" header, Spring throws an invalid token exception after trying to restore it from some internal storage.

I'm attaching below the spring log & stack trace, lmk if any other info is required. Spring security chain log:

o.s.security.web.FilterChainProxy        : /admin/get-list at position 1 of 16 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
o.s.security.web.FilterChainProxy        : /admin/get-list at position 2 of 16 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
o.s.security.web.FilterChainProxy        : /admin/get-list at position 3 of 16 in additional filter chain; firing Filter: 'HeaderWriterFilter'
o.s.security.web.FilterChainProxy        : /admin/get-list at position 4 of 16 in additional filter chain; firing Filter: 'LogoutFilter'
o.s.s.web.util.matcher.OrRequestMatcher  : Trying to match using Ant [pattern='/logout', GET]
o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/admin/get-list'; against '/logout'
o.s.s.web.util.matcher.OrRequestMatcher  : Trying to match using Ant [pattern='/logout', POST]
o.s.s.w.u.matcher.AntPathRequestMatcher  : Request 'GET /admin/get-list' doesn't match 'POST /logout'
o.s.s.web.util.matcher.OrRequestMatcher  : Trying to match using Ant [pattern='/logout', PUT]
o.s.s.w.u.matcher.AntPathRequestMatcher  : Request 'GET /admin/get-list' doesn't match 'PUT /logout'
o.s.s.web.util.matcher.OrRequestMatcher  : Trying to match using Ant [pattern='/logout', DELETE]
o.s.s.w.u.matcher.AntPathRequestMatcher  : Request 'GET /admin/get-list' doesn't match 'DELETE /logout'
o.s.s.web.util.matcher.OrRequestMatcher  : No matches found
o.s.security.web.FilterChainProxy        : /admin/get-list at position 5 of 16 in additional filter chain; firing Filter: 'OAuth2AuthorizationRequestRedirectFilter'
o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/admin/get-list'; against '/oauth2/authorization/{registrationId}'
o.s.security.web.FilterChainProxy        : /admin/get-list at position 6 of 16 in additional filter chain; firing Filter: 'OAuth2AuthenticationProcessingFilter'
p.a.OAuth2AuthenticationProcessingFilter : Authentication request failed: error="invalid_token", error_description="Invalid access token: undefined"
o.s.s.w.header.writers.HstsHeaderWriter  : Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@3b99c2b1
s.s.o.p.e.DefaultOAuth2ExceptionRenderer : Written [error="invalid_token", error_description="Invalid access token: undefined"] as "application/json;charset=UTF-8" using [org.springframework.http.converter.json.MappingJackson2HttpMessageConverter@498e5da7]
s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed

Stack trace:

Daemon Thread [http-nio-9999-exec-5] (Suspended)    
    owns: NioEndpoint$NioSocketWrapper  (id=466)    
    DefaultTokenServices.loadAuthentication(String) line: 231   
    OAuth2AuthenticationManager.authenticate(Authentication) line: 83   
    OAuth2AuthenticationProcessingFilter.doFilter(ServletRequest, ServletResponse, FilterChain) line: 150   
    FilterChainProxy$VirtualFilterChain.doFilter(ServletRequest, ServletResponse) line: 334 
    OAuth2AuthorizationRequestRedirectFilter.doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) line: 160   
    OAuth2AuthorizationRequestRedirectFilter(OncePerRequestFilter).doFilter(ServletRequest, ServletResponse, FilterChain) line: 107 
    FilterChainProxy$VirtualFilterChain.doFilter(ServletRequest, ServletResponse) line: 334 
    LogoutFilter.doFilter(ServletRequest, ServletResponse, FilterChain) line: 116   
    FilterChainProxy$VirtualFilterChain.doFilter(ServletRequest, ServletResponse) line: 334 
    HeaderWriterFilter.doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) line: 66  
    HeaderWriterFilter(OncePerRequestFilter).doFilter(ServletRequest, ServletResponse, FilterChain) line: 107   
    FilterChainProxy$VirtualFilterChain.doFilter(ServletRequest, ServletResponse) line: 334 
    SecurityContextPersistenceFilter.doFilter(ServletRequest, ServletResponse, FilterChain) line: 105   
    FilterChainProxy$VirtualFilterChain.doFilter(ServletRequest, ServletResponse) line: 334 
    WebAsyncManagerIntegrationFilter.doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) line: 56    
    WebAsyncManagerIntegrationFilter(OncePerRequestFilter).doFilter(ServletRequest, ServletResponse, FilterChain) line: 107 
    FilterChainProxy$VirtualFilterChain.doFilter(ServletRequest, ServletResponse) line: 334 
    FilterChainProxy.doFilterInternal(ServletRequest, ServletResponse, FilterChain) line: 215   
    FilterChainProxy.doFilter(ServletRequest, ServletResponse, FilterChain) line: 178   
    DelegatingFilterProxyRegistrationBean$1(DelegatingFilterProxy).invokeDelegate(Filter, ServletRequest, ServletResponse, FilterChain) line: 357   
    DelegatingFilterProxyRegistrationBean$1(DelegatingFilterProxy).doFilter(ServletRequest, ServletResponse, FilterChain) line: 270 
    ApplicationFilterChain.internalDoFilter(ServletRequest, ServletResponse) line: 193  
    ApplicationFilterChain.doFilter(ServletRequest, ServletResponse) line: 166  
    OrderedRequestContextFilter(RequestContextFilter).doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) line: 99   
    OrderedRequestContextFilter(OncePerRequestFilter).doFilter(ServletRequest, ServletResponse, FilterChain) line: 107  
    ApplicationFilterChain.internalDoFilter(ServletRequest, ServletResponse) line: 193  
    ApplicationFilterChain.doFilter(ServletRequest, ServletResponse) line: 166  
    OrderedFormContentFilter(FormContentFilter).doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) line: 92 
    OrderedFormContentFilter(OncePerRequestFilter).doFilter(ServletRequest, ServletResponse, FilterChain) line: 107 
    ApplicationFilterChain.internalDoFilter(ServletRequest, ServletResponse) line: 193  
    ApplicationFilterChain.doFilter(ServletRequest, ServletResponse) line: 166  
    OrderedHiddenHttpMethodFilter(HiddenHttpMethodFilter).doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) line: 93   
    OrderedHiddenHttpMethodFilter(OncePerRequestFilter).doFilter(ServletRequest, ServletResponse, FilterChain) line: 107    
    ApplicationFilterChain.internalDoFilter(ServletRequest, ServletResponse) line: 193  
    ApplicationFilterChain.doFilter(ServletRequest, ServletResponse) line: 166  
    WebMvcMetricsFilter.filterAndRecordMetrics(HttpServletRequest, HttpServletResponse, FilterChain, Object) line: 154  
    WebMvcMetricsFilter.filterAndRecordMetrics(HttpServletRequest, HttpServletResponse, FilterChain) line: 122  
    WebMvcMetricsFilter.doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) line: 107    
    WebMvcMetricsFilter(OncePerRequestFilter).doFilter(ServletRequest, ServletResponse, FilterChain) line: 107  
    ApplicationFilterChain.internalDoFilter(ServletRequest, ServletResponse) line: 193  
    ApplicationFilterChain.doFilter(ServletRequest, ServletResponse) line: 166  
    OrderedCharacterEncodingFilter(CharacterEncodingFilter).doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) line: 200    
    OrderedCharacterEncodingFilter(OncePerRequestFilter).doFilter(ServletRequest, ServletResponse, FilterChain) line: 107   
    ApplicationFilterChain.internalDoFilter(ServletRequest, ServletResponse) line: 193  
    ApplicationFilterChain.doFilter(ServletRequest, ServletResponse) line: 166  
    CorsFilter.doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) line: 96  
    CorsFilter(OncePerRequestFilter).doFilter(ServletRequest, ServletResponse, FilterChain) line: 107   
    ApplicationFilterChain.internalDoFilter(ServletRequest, ServletResponse) line: 193  
    ApplicationFilterChain.doFilter(ServletRequest, ServletResponse) line: 166  
    StandardWrapperValve.invoke(Request, Response) line: 199    
    StandardContextValve.invoke(Request, Response) line: 96 
    NonLoginAuthenticator(AuthenticatorBase).invoke(Request, Response) line: 490    
    StandardHostValve.invoke(Request, Response) line: 139   
    ErrorReportValve.invoke(Request, Response) line: 92 
    StandardEngineValve.invoke(Request, Response) line: 74  
    CoyoteAdapter.service(Request, Response) line: 343  
    Http11Processor.service(SocketWrapperBase<?>) line: 408 
    Http11Processor(AbstractProcessorLight).process(SocketWrapperBase<?>, SocketEvent) line: 66 
    AbstractProtocol$ConnectionHandler<S>.process(SocketWrapperBase<S>, SocketEvent) line: 770  
    NioEndpoint$SocketProcessor.doRun() line: 1415  
    NioEndpoint$SocketProcessor(SocketProcessorBase<S>).run() line: 49  
    ThreadPoolExecutor(ThreadPoolExecutor).runWorker(ThreadPoolExecutor$Worker) line: 1142  
    ThreadPoolExecutor$Worker.run() line: 617   
    TaskThread$WrappingRunnable.run() line: 61  
    TaskThread(Thread).run() line: 745  
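The log line above reports `error_description="Invalid access token: undefined"`, i.e. the value the back-end received after `Bearer ` was the literal string `undefined`. The following is an added example (not code from the issue, the quick start, or the okta-jwt-verifier-java project) showing how a front-end that concatenates an unset variable produces exactly that header, a guard that refuses to send such a request, and the classification a server-side bearer filter could apply to the incoming header. The root-cause link to the Angular widget is an assumption; the sample token is constructed and its signature segment is a placeholder.

```javascript
// Added example; not from the issue or the okta-jwt-verifier-java project.
// Reproduces the failure mode suggested by the log line
// error_description="Invalid access token: undefined": when the token
// variable was never assigned, 'Bearer ' + token yields "Bearer undefined".

// Loose shape check: three base64url segments separated by dots. It does NOT
// verify the signature (that is the back-end's job); it only stops the client
// from sending obviously non-token values such as undefined, null or "".
const JWT_SHAPE = /^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*$/;

function looksLikeJwt(token) {
  return typeof token === 'string' && JWT_SHAPE.test(token);
}

// Naive header builder, as in many quick-start snippets: never checks the value.
function naiveAuthHeader(token) {
  return 'Bearer ' + token;
}

// Hardened builder: refuses to produce a header from a missing or malformed
// token so the caller can re-run login instead of sending a request that
// will be rejected with invalid_token.
function authHeader(token) {
  if (!looksLikeJwt(token)) {
    throw new Error('no valid access token available; re-authenticate before calling the API');
  }
  return `Bearer ${token}`;
}

// Server-side view of the same problem: parse the Authorization header and
// classify it the way a bearer-token filter would before any verification.
// Returns one of: 'missing', 'malformed', 'placeholder', 'jwt', 'opaque'.
function classifyAuthorizationHeader(header) {
  if (typeof header !== 'string') return 'missing';
  const m = /^Bearer\s+(\S+)$/i.exec(header.trim());
  if (!m) return 'malformed';
  const value = m[1];
  // "undefined"/"null" are JavaScript stringification artefacts, never tokens;
  // logging them separately makes this client bug easy to spot in server logs.
  if (value === 'undefined' || value === 'null') return 'placeholder';
  return looksLikeJwt(value) ? 'jwt' : 'opaque';
}

// Constructed sample token: base64url({"alg":"RS256"}) . base64url({"sub":"user"})
// . placeholder signature ("sig"). Not a real, signed token.
const SAMPLE_TOKEN = 'eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJ1c2VyIn0.c2ln';

let accessToken; // never assigned: mirrors a login callback that did not run
console.log(naiveAuthHeader(accessToken));                              // Bearer undefined
console.log(classifyAuthorizationHeader(naiveAuthHeader(accessToken))); // placeholder
console.log(classifyAuthorizationHeader(authHeader(SAMPLE_TOKEN)));     // jwt
```

The client-side guard is deliberately only a shape check: signature, issuer, audience and expiry are still verified by the back-end. Its value is that a `Bearer undefined` request never leaves the browser, and on the server the `placeholder` class turns an opaque `invalid_token` into a log entry that points straight at the front-end.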

DimaSol commented 5 years ago

Wrong repository - opened another ticket at the okta-spring-boot repository