Hi @Ashish Pukale ,
Thanks for reaching out.
I understand you are trying to validate the access token using Spring Boot Security.
Access tokens are signed by Azure AD, and the application should check that their signature is correct. Azure AD has an endpoint with the public keys to do so, which we have to configure in the application.
A first option is to configure the issuer URI so that it can find the correct endpoint in the discovery document. The discovery document is a convenience endpoint where a lot of the client configuration can be found, including the web keys endpoint.
You can find the discovery document by appending .well-known/openid-configuration to the issuer URI.
application.properties
spring.security.oauth2.resourceserver.jwt.issuer-uri=https://login.microsoftonline.com/<<<tenant_id>>>/v2.0
Alternatively, you can look up the keys endpoint yourself in the discovery document and then provide this JSON Web Key (JWK) endpoint directly:
application.properties
spring.security.oauth2.resourceserver.jwt.jwk-set-uri=https://login.microsoftonline.com/<<<tenant_id>>>/discovery/v2.0/keys
Please find below the reference for implementing the security config in Java to validate the token:
https://github.com/Azure-Samples/ms-identity-java-webapi/blob/edbd399155341556e3871065d1b8b4be2e9cbce0/msal-obo-sample/src/main/java/com/microsoft/azure/msalobosample/SecurityResourceServerConfig.java
Hope this will help.
Thanks,
Shweta
----------------------------------
Please remember to "Accept Answer" if answer helped you.
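A worked Spring Security resource-server configuration for the setup described in the answer above, added here as an illustration (it is not code from the answer or from the linked Azure sample). It assumes Spring Boot 3 / Spring Security 6 (`authorizeHttpRequests`, `requestMatchers`), the `issuer-uri` property from the answer, a hypothetical property `app.security.expected-audience` holding this API's client ID or App ID URI as registered in Azure AD, and a hypothetical scope name `access_as_user`. The point it adds beyond the two property lines: checking the signature and `iss` is not enough, because a token minted for some other app in the same tenant would still pass. The `aud` check below is what rejects those tokens.

```java
package com.example.api;

import java.util.List;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtClaimNames;
import org.springframework.security.oauth2.jwt.JwtClaimValidator;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.JwtDecoders;
import org.springframework.security.oauth2.jwt.JwtValidators;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class ResourceServerConfig {

    // Same property as in the answer. No trailing slash: Spring compares this string
    // exactly against the "issuer" field of the discovery document and against the
    // token's "iss" claim, and Azure AD emits ".../<tenant_id>/v2.0" without one.
    @Value("${spring.security.oauth2.resourceserver.jwt.issuer-uri}")
    private String issuerUri;

    // Hypothetical property (assumption): the client ID or App ID URI of THIS API
    // as registered in Azure AD. Tokens issued for other apps carry a different "aud".
    @Value("${app.security.expected-audience}")
    private String expectedAudience;

    @Bean
    JwtDecoder jwtDecoder() {
        // Fetches <issuerUri>/.well-known/openid-configuration, reads "jwks_uri" from it
        // and builds a decoder that verifies the token signature against those keys.
        NimbusJwtDecoder decoder = JwtDecoders.fromIssuerLocation(issuerUri);

        // Default validators: exp / nbf (with clock skew) plus "iss" must equal issuerUri.
        OAuth2TokenValidator<Jwt> defaults = JwtValidators.createDefaultWithIssuer(issuerUri);

        // Audience check. Spring Security does NOT validate "aud" unless you add this,
        // so without it any valid token from the tenant, for any app, would be accepted.
        OAuth2TokenValidator<Jwt> audience = new JwtClaimValidator<List<String>>(
                JwtClaimNames.AUD,
                aud -> aud != null && aud.contains(expectedAudience));

        decoder.setJwtValidator(new DelegatingOAuth2TokenValidator<>(defaults, audience));
        return decoder;
    }

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth
                // "scp" claim values are mapped to SCOPE_<name> authorities by default.
                // "access_as_user" is an assumed scope name; use the one exposed on your API.
                .requestMatchers("/api/**").hasAuthority("SCOPE_access_as_user")
                .anyRequest().authenticated())
            // Bearer-token API: no HTTP session and no CSRF token involved.
            .sessionManagement(s -> s.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .csrf(csrf -> csrf.disable())
            // Uses the JwtDecoder bean above (signature + iss + exp + aud).
            .oauth2ResourceServer(oauth2 -> oauth2.jwt(Customizer.withDefaults()));
        return http.build();
    }
}
```

If you prefer the `jwk-set-uri` variant from the answer, replace the `JwtDecoders.fromIssuerLocation(...)` line with `NimbusJwtDecoder.withJwkSetUri(jwkSetUri).build()`; in that case the issuer is no longer discovered, so keep `JwtValidators.createDefaultWithIssuer(issuerUri)` in place to retain the `iss` check. A quick way to confirm the `aud` validator works is to call the API with a token obtained for a different app registration in the same tenant: it should be rejected with HTTP 401 even though its signature and issuer are valid.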