This repository was archived by the owner on May 31, 2022. It is now read-only.
JwtAccessTokenConverter#setSigningKey expects public key instead of private key for RSA signing #893
Labels
Comments
ohr
added a commit
to ohr/spring-security-oauth
that referenced
this issue
Dec 22, 2016
…ng Nimbus lib, also using JWKs
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
This seems to be a bug to me for signatures using RSA as they should be done with private key: https://github.com/spring-projects/spring-security-oauth/blob/0f43bb8c0de8be261479dc5d88926821f55468ca/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/JwtAccessTokenConverter.java#L169
To compare - see also: https://github.com/spring-projects/spring-security-oauth/blob/0f43bb8c0de8be261479dc5d88926821f55468ca/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/token/store/JwtAccessTokenConverter.java#L150
The text was updated successfully, but these errors were encountered: