I have an authorization server Spring Boot project using Spring Cloud OAuth2. I'm using these beans for JWT:
    @Bean
    public JwtAccessTokenConverter accessTokenConverter() {
        JwtAccessTokenConverter tokenConverter = new JwtAccessTokenConverter();
        tokenConverter.setSigningKey("my-test-jwt-secret");
        return tokenConverter;
    }

    @Bean
    public JwtTokenStore tokenStore() {
        return new JwtTokenStore(accessTokenConverter());
    }
Login apparently is working fine, but when I run the project, I'm getting this warning:
WARN 16804 --- [main] o.s.s.o.p.t.s.JwtAccessTokenConverter : Unable to create an RSA verifier from verifierKey (ignoreable if using MAC)
How do I get rid of this warning?
A JwtAccessTokenConverter can be configured to use either a MAC key or an RSA key pair for signature generation and verification.
As the message provided in the warning states, you are probably using a MAC key and not an RSA key pair. As a consequence, it probably will not pose a problem, but I am afraid that you cannot get rid of the warning due to the way in which the library is implemented.
As you can see in the source code of JwtAccessTokenConverter, the warning is issued when trying to create an RsaVerifier for signature verification:
    SignatureVerifier verifier = new MacSigner(verifierKey);
    try {
        verifier = new RsaVerifier(verifierKey);
    }
    catch (Exception e) {
        logger.warn("Unable to create an RSA verifier from verifierKey (ignoreable if using MAC)");
    }
The exception is raised in the RsaVerifier constructor because it is trying to parse the verification key as an RSA public key, when you are probably using a MAC key instead:
    public RsaVerifier(String key) {
        this(RsaKeyHelper.parsePublicKey(key.trim()), RsaSigner.DEFAULT_ALGORITHM);
    }
Here, RsaKeyHelper will unsuccessfully try to parse the provided key as an SSH or PEM key, because it actually is not that type of key.
For MAC keys, the value of this verification key is assumed to be the same as the signing key provided as the argument of the setSigningKey method.
If you are actually working with RSA keys, you can use the setVerifierKey or setKeyPair methods to provide the cryptographic RSA material.
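The RSA alternative mentioned in the answer, as an added example that is not part of the original question or answer. With an RSA key pair, the private key stays on the authorization server and resource servers only need the public key, whereas a MAC secret lets every holder sign tokens as well as verify them. The class name and the `jwt.keystore.*` property names are hypothetical, and the keystore is assumed to contain an RSA key pair under the configured alias.

```java
import java.security.KeyPair;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.Resource;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
import org.springframework.security.oauth2.provider.token.store.KeyStoreKeyFactory;

@Configuration
public class RsaJwtTokenConfig {

    // Hypothetical property names. Supply the values from external
    // configuration so that no key material is hard-coded in the source.
    @Value("${jwt.keystore.location}")
    private Resource keyStore;          // e.g. a JKS or PKCS12 file

    @Value("${jwt.keystore.password}")
    private String keyStorePassword;

    @Value("${jwt.keystore.alias}")
    private String keyAlias;

    @Bean
    public JwtAccessTokenConverter accessTokenConverter() {
        // Load the RSA key pair stored under the alias.
        KeyPair keyPair = new KeyStoreKeyFactory(keyStore, keyStorePassword.toCharArray())
                .getKeyPair(keyAlias);

        JwtAccessTokenConverter tokenConverter = new JwtAccessTokenConverter();
        // setKeyPair configures an RSA signer from the private key and an
        // RSA verifier from the public key, so the converter holds real RSA
        // material and the MAC fallback warning does not apply.
        tokenConverter.setKeyPair(keyPair);
        return tokenConverter;
    }

    @Bean
    public JwtTokenStore tokenStore() {
        return new JwtTokenStore(accessTokenConverter());
    }
}
```

A resource server that only validates tokens can call `setVerifierKey` with the PEM-encoded public key instead of holding the key pair.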