I'm getting this error when I try to process a JWT using ConfigurableJWTProcessor:
Required JOSE header typ (type) parameter is missing
I've already set the typ parameter in the header as it's specified in the docs but it doesn't work: https://connect2id.com/products/nimbus-jose-jwt/examples/validating-jwt-access-tokens
Here is the method where I configure the JwtProcessor:
private void configureJwtProcessor() throws MalformedURLException {
jwtProcessor = new DefaultJWTProcessor<>();
jwtProcessor.setJWSTypeVerifier(
new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("id_token+jwt"))); // Setting the "typ" header
String jwkUrl = String.format(this.cognitoConfiguration.getJwkUrl(),
this.cognitoConfiguration.getRegion(), this.cognitoConfiguration.getUserPoolId());
String issuer = String.format(this.cognitoConfiguration.getIssuerUrl(),
this.cognitoConfiguration.getRegion(), this.cognitoConfiguration.getUserPoolId());
JWKSource<SecurityContext> keySource = JWKSourceBuilder
.create(new URL(jwkUrl))
.retrying(true)
.build();
JWSAlgorithm expectedJWSAlg = JWSAlgorithm.RS256;
JWSKeySelector<SecurityContext> keySelector = new JWSVerificationKeySelector<>(
expectedJWSAlg,
keySource);
jwtProcessor.setJWSKeySelector(keySelector);
jwtProcessor.setJWTClaimsSetVerifier(new DefaultJWTClaimsVerifier<>(
new JWTClaimsSet.Builder().issuer(issuer).build(),
new HashSet<>(Arrays.asList(
JWTClaimNames.SUBJECT,
JWTClaimNames.ISSUED_AT,
JWTClaimNames.EXPIRATION_TIME,
"scp",
"cid",
"cognito:groups",
JWTClaimNames.JWT_ID))));
}