Authorization Failed to authenticate since the JWT was invalid

Yogendra Kapoor 1 Reputation point
2022-05-02T13:26:01.947+00:00

Hi,
I am working on a PoC where users are supposed to give me their username and password to authenticate from one of my microservices. My backend creates users in Azure AD through the Graph APIs.
Now what I am trying to do is this: I use the MSAL4J library to authenticate my users with username and password, and I provide them with their idToken and accessToken.

There's another microservice, which generates some report. I am trying to secure it with an OAuth2 access token. My Spring Boot application says:

```
Failed to authenticate since the JWT was invalid
Did not store empty SecurityContext
Cleared SecurityContextHolder to complete request
```

This is the application.yml code:

```yaml
spring:
  security:
    oauth2:
      resourceserver:
        jwt:
          issuer-uri: ${JWT_ISSUER_URI:https://sts.windows.net/<tenantId>/}
```

The Spring Security dependencies that I have in my application are:

```xml
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-oauth2-jose</artifactId>
</dependency>
```

I also tried to acquire this access token with a Postman API call to https://login.microsoftonline.com/organizations/oauth2/v2.0/token, which gives me an idToken, accessToken, and refreshToken.

The URL-encoded parameters that I pass in this request are:

client_id:
scope:user.read openid profile offline_access
client_secret:
username:
password:
grant_type:password

Please help me to resolve this scenario.

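My security configuration in the Spring Boot application:

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.cors().and() // (1) enable CORS handling
                .authorizeRequests().anyRequest().authenticated() // (2) every request must be authenticated
                .and().oauth2ResourceServer().jwt(); // (3) validate bearer tokens as JWTs
    }
}
```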

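A way to see which claims a rejected token and the resource server configuration disagree on, as an added example that is not part of the original post: it parses a token without verifying its signature, using the Nimbus JOSE+JWT classes that `spring-security-oauth2-jose` brings onto the classpath, and compares `iss`, `aud` and `exp` with the expected values. The class name `JwtClaimCheck`, the constructed sample token and the `api://<report-service-app-id>` audience are assumptions.

```java
import com.nimbusds.jwt.JWT;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.JWTParser;
import com.nimbusds.jwt.PlainJWT;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;

public class JwtClaimCheck {
    /** Parses the token WITHOUT verifying its signature and lists claim mismatches. */
    static List<String> findMismatches(String token, String expectedIssuer,
                                       String expectedAudience) throws ParseException {
        JWT jwt = JWTParser.parse(token);
        JWTClaimsSet claims = jwt.getJWTClaimsSet();
        List<String> problems = new ArrayList<>();
        // Spring Security's issuer check requires "iss" to equal the configured issuer-uri.
        if (!expectedIssuer.equals(claims.getIssuer())) {
            problems.add("iss is '" + claims.getIssuer() + "', expected '" + expectedIssuer + "'");
        }
        // A token minted for another API carries that API's identifier in "aud".
        if (!claims.getAudience().contains(expectedAudience)) {
            problems.add("aud is " + claims.getAudience() + ", expected '" + expectedAudience + "'");
        }
        Date exp = claims.getExpirationTime();
        if (exp == null || exp.before(new Date())) {
            problems.add("token is expired or has no exp claim: " + exp);
        }
        return problems;
    }

    public static void main(String[] args) throws ParseException {
        // Constructed sample token (unsigned, placeholder values), standing in
        // for the access token returned by the token endpoint.
        String sample = new PlainJWT(new JWTClaimsSet.Builder()
                .issuer("https://login.microsoftonline.com/<tenantId>/v2.0")
                .audience("<client-id-of-another-app>")
                .expirationTime(new Date(System.currentTimeMillis() + 3_600_000))
                .build()).serialize();
        // Assumed values: the issuer-uri from application.yml and a hypothetical
        // App ID URI for the report service.
        String issuerUri = "https://sts.windows.net/<tenantId>/";
        String apiAudience = "api://<report-service-app-id>";
        findMismatches(sample, issuerUri, apiAudience).forEach(System.out::println);
    }
}
```

Passing the real access token instead of the constructed sample shows which of these claims differs from what the resource server expects; a signature failure is not covered by this check.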