Commit 8264e9d

updates from revisions
1 parent 0adde95 commit 8264e9d

1 file changed

+7
-8
lines changed

_source/_posts/2024-01-24-spring-boot-authorization.md

@@ -63,7 +63,7 @@ auth0 apis create \
6363
--offline-access=false
6464
```
6565

66-
The scopes `create:items`, `update:items`, `delete:items` will be required ahead in the tutorial.
66+
The scopes `create:items`, `update:items`, `delete:items` will be required ahead in the tutorial.
6767

6868
Next, add the `okta-spring-boot-starter` dependency:
6969

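Review bot: the removed and added versions of line 66 read identically as rendered, so this looks like a whitespace-only change. While the line is being touched, the wording could be tightened, for example "The scopes `create:items`, `update:items` and `delete:items` are required later in the tutorial."
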
@@ -83,6 +83,8 @@ okta.oauth2.issuer=https://<your-auth0-domain>/
8383
okta.oauth2.audience=https://menu-api.okta.com
8484
```
8585

86+
You can find your Auth0 domain with the following Auth0 CLI command:
87+
8688
```shell
8789
auth0 tenants list
8890
```
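
Review bot: the sentence added at line 86 does not say where the output of `auth0 tenants list` is used. Suggest naming the `<your-auth0-domain>` placeholder in `okta.oauth2.issuer` explicitly and noting that the `https://` prefix and the trailing slash shown in that property stay in place, since the note further down says the starter configures issuer validation from these properties.
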
@@ -108,17 +110,14 @@ Select any available client when prompted. You also will be prompted to open a b
108110
With curl, send a request to the API server using a bearer access token:
109111

110112
```shell
111-
ACCESS_TOKEN=<auth0-access-token>
112-
```
113-
114-
```shell
115-
curl -i --header "Authorization: Bearer $ACCESS_TOKEN" localhost:8080/api/menu/items
113+
ACCESS_TOKEN=<auth0-access-token> &&\
114+
curl -i --header "Authorization: Bearer $ACCESS_TOKEN" localhost:8080/api/menu/items
116115
```
117-
The request will not be authorized yet, because _This aud claim is not equal to the configured audience_. If the audience is not specified in the`auth0 test token` command, the default value is `https://dev-avup2laz.us.auth0.com/api/v2`, which is the Auth0 Provider management API audience.
116+
The request will not be authorized yet, you will see the error message _This aud claim is not equal to the configured audience_. The error means that the audience contained in the `aud` claim of the access token does not match the expected audience, configured in the server properties. When requesting a token with the`auth0 test token` command, the default audience value is `https://<your-auth0-domain>/api/v2`, which is the Auth0 Provider management API audience.
118117

119118
> NOTE: The Okta Spring Boot Starter autoconfigures the issuer and audience validation from the resource server properties for JWT authorization.
120119
121-
Request a test token again, this time with the required audience:
120+
Request a test token again, this time with the expected audience:
122121
```shell
123122
auth0 test token -a https://<your-auth0-domain>/api/v2/ -s openid -a https://menu-api.okta.com
124123
```
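
Review bot: the last command of this hunk (line 122) still passes `-a` twice, `-a https://<your-auth0-domain>/api/v2/` and `-a https://menu-api.okta.com`, although the rewritten paragraph at line 116 identifies the management API audience as the one that fails validation and line 120 asks for "the expected audience". Suggest dropping the first `-a` so the example requests only `https://menu-api.okta.com`, the value set in `okta.oauth2.audience`, or explaining why both are passed. In line 116 the comma splice after "authorized yet" and the missing space in "with the`auth0 test token`" carry over into the new text, and in line 113 a space before the trailing backslash in `&&\` would match usual shell style.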
