anavaras lamurep

Reputation: 1513

Signed JWT rejected: Another algorithm expected, or no matching key(s) found

I'm using the Spring Boot OAuth Resource Server starter project, version 2.4.4, and I'm receiving the exception below. I couldn't find a problem in the code, as it works fine in our pre-prod environment but not in the prod environment.
Observations so far:
I have checked, and want to confirm: if the kid received from the JWK URI and the kid received from the token are different, is this exception possible? Note: the kid is the same for the token and the JWK URI in the pre-prod environment.
From the JWK URI:
[image]
From the JWT header:
[image]
I looked into this code for the key ID checking snippet (line no. 253), but I couldn't understand it any further.

com.nimbusds.jose.proc.BadJOSEException: Signed JWT rejected: Another algorithm expected, or no matching key(s) found
    at com.nimbusds.jwt.proc.DefaultJWTProcessor.process(DefaultJWTProcessor.java:384) ~[nimbus-jose-jwt-8.20.2.jar:8.20.2]
    at com.nimbusds.jwt.proc.DefaultJWTProcessor.process(DefaultJWTProcessor.java:330) ~[nimbus-jose-jwt-8.20.2.jar:8.20.2]
    at org.springframework.security.oauth2.jwt.NimbusJwtDecoder.createJwt(NimbusJwtDecoder.java:153) ~[spring-security-oauth2-jose-5.4.5.jar:5.4.5]

Upvotes: 3

Views: 17418

Answers (1)

Brian Demers

Reputation: 2080

This exception is expected if the kid from your token and the kid from the JWKS endpoint do not match.

Double-check your configuration; it's possible you have a client attempting to use a token from a different issuer (maybe from your pre-prod).

The JWT should contain an iss field in the body that should help you track down the problem.

Upvotes: 8
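
A triage sketch for the check described in the answer above, added as an example and not part of the original thread: it decodes a token's header and claims without verifying the signature, then compares `kid`, `alg` and `iss` against the JWKS document and issuer the resource server is configured for. The issuer URLs, key IDs and token are constructed sample values, and `diagnose` is a hypothetical helper name.

```python
import base64
import json

def _b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def diagnose(token, jwks, expected_issuer):
    """List reasons a resource server would find no matching key.
    Inspection only: the signature is NOT verified, so never trust these claims."""
    parts = token.split(".")
    if len(parts) != 3:
        return ["token is not a three-part compact JWS"]
    try:
        header, claims = _b64url_json(parts[0]), _b64url_json(parts[1])
    except ValueError:
        return ["header or payload is not base64url-encoded JSON"]
    findings = []
    if claims.get("iss") != expected_issuer:
        findings.append(f"iss {claims.get('iss')!r} is not the expected {expected_issuer!r}")
    keys = jwks.get("keys", [])
    candidates = [k for k in keys if k.get("kid") == header.get("kid")]
    if not candidates:
        known = [k.get("kid") for k in keys]
        findings.append(f"kid {header.get('kid')!r} not among JWKS kids {known}")
    for key in candidates:
        # "alg" and "use" are optional JWK members; only flag them when present and wrong.
        if key.get("alg") not in (None, header.get("alg")):
            findings.append(f"key alg {key['alg']!r} != token alg {header.get('alg')!r}")
        if key.get("use") not in (None, "sig"):
            findings.append(f"key use {key['use']!r} is not 'sig'")
    return findings

def _seg(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample data: a pre-prod token presented to a prod resource server.
SAMPLE_TOKEN = ".".join([
    _seg({"alg": "RS256", "kid": "preprod-key-1"}),
    _seg({"iss": "https://idp.preprod.example", "sub": "user-1"}),
    "c2lnbmF0dXJl",  # placeholder, not a real signature
])
PROD_JWKS = {"keys": [{"kty": "RSA", "kid": "prod-key-1", "alg": "RS256", "use": "sig"}]}
PREPROD_JWKS = {"keys": [{"kty": "RSA", "kid": "preprod-key-1", "alg": "RS256", "use": "sig"}]}

if __name__ == "__main__":
    for line in diagnose(SAMPLE_TOKEN, PROD_JWKS, "https://idp.prod.example"):
        print(line)
```

An empty result means the header and issuer line up with the JWKS; signature validation itself still belongs to the resource server.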
