Quarkus Custom JWT Validation

Question

I'm working on a migration from JHipster to Quarkus 2. In the current project, using JHispster, we have a custom way to build our JWT Token. Basically it's a kind of basic auth which give a JWT token we need to use on all our next http call. This token is sign by a phrasepass (not RSA or something like this just a plaintext). We have few api which use this token as authorization, we currently use exactly the same jhispster code to validate the token. Now we are moving on Quarkus one of those APIs I need to validate the JWT token.

I saw here: https://quarkus.io/guides/security-jwt#create-jsonwebtoken-with-jwtparser that there is a JWTParser which looks to do the job, but I don't know how to configure this phrasepass.

For example I tried this configuration:

smallrye.jwt.verify.key-format=JWK_BASE64URL
smallrye.jwt.verify.key.location=/secret.txt

(The secret.txt file is in my src/main/resources folder.)

When I call the API I have this issue:

org.jose4j.lang.UnresolvableKeyException: SRJWT07004: Failed to load a key from the key content while resolving

Any suggestions?

Answer 1

I worked with Quarkus 2.0 a few months ago and also had some issues in regards to JWT. For some reason it doesn't actually load the JWT tokens from the files. Migrating to a newer version of Quarkus fixed my problem. I'm not sure if it's a bug, but try to migrate to Quarkus 2.2.2. If that doesn't work try an older version like 1.11 or 1.7.