Folks, could you give me a hand:
I authenticate in Postman at http://localhost:8080/login
I get the token without any trouble:
{ "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhbmEuYmVhdHJpekB2b2xsLm1lZCIsImlzcyI6IkFwaSBWb2xsLm1lZCIsImV4cCI6MTY4NDg2MTQyMn0.lHo0K0llIf41APXO9vZFyHFKamNGqAaAvWkA2HIdRcM" }
I open the JWT.io debugger at https://jwt.io/ and the token shows this status: Invalid Signature
When I use this same token in the API to return the list of doctors, I get a 403 Forbidden error at http://localhost:8080/medicos
```
com.auth0.jwt.exceptions.JWTDecodeException: The input is not a valid base 64 encoded string.
    at com.auth0.jwt.JWTDecoder.<init>(JWTDecoder.java:46)
    at com.auth0.jwt.JWTVerifier.verify(JWTVerifier.java:444)
    at med.voll.api.infra.security.TokenService.getSubject(TokenService.java:40)
    at med.voll.api.infra.security.SecurityFilter.doFilterInternal(SecurityFilter.java:31)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
Caused by: java.lang.IllegalArgumentException: Illegal base64 character 20
    at java.base/java.util.Base64$Decoder.decode0(Base64.java:848)
    at java.base/java.util.Base64$Decoder.decode(Base64.java:566)
    at java.base/java.util.Base64$Decoder.decode(Base64.java:589)
    at com.auth0.jwt.JWTDecoder.<init>(JWTDecoder.java:41)
    ... 55 more
java.lang.RuntimeException: Token JWT inválido ou expirado
    at med.voll.api.infra.security.TokenService.getSubject(TokenService.java:44) ~[classes/:na]
    at med.voll.api.infra.security.SecurityFilter.doFilterInternal(SecurityFilter.java:31) ~[classes/:na]
```
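```java
import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTCreationException;
import com.auth0.jwt.exceptions.JWTVerificationException;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;

import java.time.Instant;
import java.time.LocalDateTime;
import java.time.ZoneOffset;

// Usuario is the project's own user class; its import is not shown in the post.
@Service
public class TokenService {

    // HMAC secret injected from the application properties
    @Value("${api.security.token.secret}")
    private String secret;

    // Issues an HS256-signed token for the user that logged in
    public String gerarToken(Usuario usuario) {
        try {
            var algoritmo = Algorithm.HMAC256(secret);
            return JWT.create()
                    .withIssuer("Api Voll.med")
                    .withSubject(usuario.getLogin())
                    .withExpiresAt(dataExpiracao())
                    .sign(algoritmo);
        } catch (JWTCreationException exception) {
            throw new RuntimeException("Erro ao gerar token jwt", exception);
        }
    }

    // Verifies the token and returns its subject (the login)
    public String getSubject(String tokenJWT) {
        try {
            var algoritmo = Algorithm.HMAC256(secret);
            return JWT.require(algoritmo)
                    .withIssuer("API Voll.med")
                    .build()
                    .verify(tokenJWT)
                    .getSubject();
        } catch (JWTVerificationException exception) {
            exception.printStackTrace();
            throw new RuntimeException("Token JWT inválido ou expirado");
        }
    }

    // Token lifetime: two hours from now, at offset -03:00
    private Instant dataExpiracao() {
        return LocalDateTime.now().plusHours(2).toInstant(ZoneOffset.of("-03:00"));
    }
}
```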
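The trace above reports `Illegal base64 character 20` (0x20 is a space), jwt.io checks an HS256 signature only against the secret typed into its page, and `gerarToken` and `getSubject` use differently cased issuer strings. The following is an added example, not code from the post or from the java-jwt library: a JDK-only checker that reports which of those three stages rejects a token. The class name `JwtDiagnose`, the secret and the sample token are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Added illustration using only the JDK; names and sample values are constructed.
public class JwtDiagnose {
    static byte[] hmac(String data, String secret) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(secret.getBytes(StandardCharsets.UTF_8), "HmacSHA256"));
        return mac.doFinal(data.getBytes(StandardCharsets.US_ASCII));
    }

    static String b64(byte[] raw) {
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }

    // Returns the first failing check, in the order decode, signature, claims.
    static String diagnose(String token, String secret, String expectedIssuer) throws Exception {
        int bad = token.indexOf(' ');
        if (bad >= 0) return "not base64url: character 0x20 at index " + bad;
        String[] parts = token.split("\\.");
        if (parts.length != 3) return "expected 3 dot-separated parts, got " + parts.length;
        byte[] sig = Base64.getUrlDecoder().decode(parts[2]);
        if (!MessageDigest.isEqual(sig, hmac(parts[0] + "." + parts[1], secret)))
            return "signature mismatch for this secret";
        String payload = new String(Base64.getUrlDecoder().decode(parts[1]), StandardCharsets.UTF_8);
        // Naive claim match, enough for the compact JSON built below; issuer is case-sensitive.
        if (!payload.contains("\"iss\":\"" + expectedIssuer + "\""))
            return "issuer mismatch, payload is " + payload;
        return "ok";
    }

    public static void main(String[] args) throws Exception {
        String secret = "constructed-demo-secret"; // constructed, not the project's secret
        String header = b64("{\"typ\":\"JWT\",\"alg\":\"HS256\"}".getBytes(StandardCharsets.UTF_8));
        String payload = b64("{\"sub\":\"ana\",\"iss\":\"Api Voll.med\"}".getBytes(StandardCharsets.UTF_8));
        String signed = header + "." + payload;
        String token = signed + "." + b64(hmac(signed, secret));

        System.out.println(diagnose("Bearer " + token, secret, "Api Voll.med")); // header value passed unstripped
        System.out.println(diagnose(token, "another-secret", "Api Voll.med"));   // checked with a different secret
        System.out.println(diagnose(token, secret, "API Voll.med"));             // issuer differs only in case
        System.out.println(diagnose(token, secret, "Api Voll.med"));             // same secret and issuer
    }
}
```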