Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Newer version of com.nimbusds:oauth2-oidc-sdk still needed for spring-boot 2.4 to work

See original GitHub issue
Stack-trace Caused by: java.lang.NoSuchMethodError: com.nimbusds.jwt.JWTClaimsSet.toJSONObject()Lnet/minidev/json/JSONObject; at com.nimbusds.oauth2.sdk.auth.JWTAuthenticationClaimsSet.parse(JWTAuthenticationClaimsSet.java:166) ~[oauth2-oidc-sdk-8.23.1.jar:8.23.1] at com.nimbusds.oauth2.sdk.auth.JWTAuthentication.<init>(JWTAuthentication.java:139) ~[oauth2-oidc-sdk-8.23.1.jar:8.23.1] at com.nimbusds.oauth2.sdk.auth.PrivateKeyJWT.<init>(PrivateKeyJWT.java:251) ~[oauth2-oidc-sdk-8.23.1.jar:8.23.1] at com.nimbusds.oauth2.sdk.auth.PrivateKeyJWT.parse(PrivateKeyJWT.java:286) ~[oauth2-oidc-sdk-8.23.1.jar:8.23.1] at com.microsoft.aad.msal4j.ConfidentialClientApplication.createClientAuthFromClientAssertion(ConfidentialClientApplication.java:97) ~[msal4j-1.9.0.jar:1.9.0] at com.microsoft.aad.msal4j.ConfidentialClientApplication.buildValidClientCertificateAuthority(ConfidentialClientApplication.java:89) ~[msal4j-1.9.0.jar:1.9.0] at com.microsoft.aad.msal4j.ConfidentialClientApplication.initClientAuthentication(ConfidentialClientApplication.java:66) ~[msal4j-1.9.0.jar:1.9.0] at com.microsoft.aad.msal4j.ConfidentialClientApplication.<init>(ConfidentialClientApplication.java:56) ~[msal4j-1.9.0.jar:1.9.0] at com.microsoft.aad.msal4j.ConfidentialClientApplication.<init>(ConfidentialClientApplication.java:32) ~[msal4j-1.9.0.jar:1.9.0] at com.microsoft.aad.msal4j.ConfidentialClientApplication$Builder.build(ConfidentialClientApplication.java:144) ~[msal4j-1.9.0.jar:1.9.0] at org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule.identifyToken(OAuthBearerLoginModule.java:316) ~[kafka-clients-2.6.0.jar:na] at org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule.login(OAuthBearerLoginModule.java:301) ~[kafka-clients-2.6.0.jar:na] at java.base/javax.security.auth.login.LoginContext.invoke(LoginContext.java:726) ~[na:na] at java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:665) ~[na:na] at java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:663) ~[na:na] at java.base/java.security.AccessController.doPrivileged(Native Method) ~[na:na] at java.base/javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:663) ~[na:na] at java.base/javax.security.auth.login.LoginContext.login(LoginContext.java:574) ~[na:na] at org.apache.kafka.common.security.oauthbearer.internals.expiring.ExpiringCredentialRefreshingLogin.login(ExpiringCredentialRefreshingLogin.java:204) ~[kafka-clients-2.6.0.jar:na] at org.apache.kafka.common.security.oauthbearer.internals.OAuthBearerRefreshingLogin.login(OAuthBearerRefreshingLogin.java:150) ~[kafka-clients-2.6.0.jar:na] at org.apache.kafka.common.security.authenticator.LoginManager.<init>(LoginManager.java:62) ~[kafka-clients-2.6.0.jar:na] at org.apache.kafka.common.security.authenticator.LoginManager.acquireLoginManager(LoginManager.java:105) ~[kafka-clients-2.6.0.jar:na] at org.apache.kafka.common.network.SaslChannelBuilder.configure(SaslChannelBuilder.java:158) ~[kafka-clients-2.6.0.jar:na] ... 8 common frames omitted

./gradlew dependencies reveals transitive dependencies to com.nimbusds:nimbus-jose-jwt from com.microsoft.azure:msal4j.

Like so:

+--- com.microsoft.azure:msal4j:1.9.0
|    +--- com.nimbusds:oauth2-oidc-sdk:8.23.1
|    |    +--- com.github.stephenc.jcip:jcip-annotations:1.0-1
|    |    +--- com.nimbusds:content-type:2.1
|    |    +--- net.minidev:json-smart:[1.3.1,2.3] -> 2.3
|    |    |    \--- net.minidev:accessors-smart:1.2
|    |    |         \--- org.ow2.asm:asm:5.0.4
|    |    +--- com.nimbusds:lang-tag:1.4.4
|    |    \--- com.nimbusds:nimbus-jose-jwt:8.18 -> 9.1.3
|    |         \--- com.github.stephenc.jcip:jcip-annotations:1.0-1

com.microsoft.azure:msal4j:1.9.0 -> com.nimbusds:oauth2-oidc-sdk:8.23.1 -> com.nimbusds:nimbus-jose-jwt:8.18

But we get com.nimbusds:nimbus-jose-jwt:9.13, I assume because of upgraded dependencies in Springboot 2.4

  • In com.nimbusds:nimbus-jose-jwt:8.18: public static JWTClaimsSet parse(final JSONObject json)
  • In com.nimbusds:nimbus-jose-jwt:9.1.3: public static JWTClaimsSet parse(final Map<String, Object> json)

Conclusion: msal4j need a newer dependency to com.nimbusds:oauth2-oidc-sdk than 8.23.1.

https://github.com/AzureAD/microsoft-authentication-library-for-java/pull/322#issuecomment-772396594

Issue Analytics

  • State:closed
  • Created 3 years ago
  • Comments:7 (3 by maintainers)

github_iconTop GitHub Comments

1reaction
Avery-Dunncommented, Feb 25, 2021

@larzza and @baidehig : Sounds good, glad to hear everything is working!

We still might make the changes to support Spring Boot 2.4.2 in case someone definitely needs it, but I’m closing this thread since the library seems to be working fine on other Spring versions. If y’all have any other related issues/questions, feel free to leave a comment or re-open this thread

1reaction
baidehigcommented, Feb 24, 2021

Hi @Avery-Dunn Thanks, it worked with the older JAR(8.23).

Apologies for the comment in the incorrect thread.

Read more comments on GitHub >

github_iconTop Results From Across the Web

[BUG] After upgrading to Spring Boot 2.4, kafka ... - GitHub
[BUG] After upgrading to Spring Boot 2.4, kafka binder stopped working: NoClassDefFoundError: com.nimbusds.oauth2.sdk.http.
Read more >
Caused by: java.lang.RuntimeException: com.nimbusds ...
I was able to solve this by adding apply plugin: 'io.spring.dependency-management' to my build.gradle file, which imported ...
Read more >
JsonUtils: Cannot parse LinkedHashMap<String,Object> to ...
I am using OAuth 2.0 SDK embedded in spring security with Keycloak. ... Spring Boot Security OAuth2 SSO spring.security.oauth2: client: ...
Read more >
JWT vs Opaque Access Tokens: Use Both With Spring Boot
Tutorial: Learn how to use JWT and opaque access with Spring Boot.
Read more >
Spring Boot OAuth2 not working properly on version 1.4.1 ...
[Solved]-Spring Boot OAuth2 not working properly on version 1.4.1-Springboot ... It is really a spring oauth security problem. There is an issue open...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Access token cannot be retrieved if Saxon is default transformer

Next page

Spring Boot 2.4 dependency conflict