@jgrandja I also tried to generate the client_assertion as below using PKCS12, but I still get an invalid client error. Need your help to resolve this issue. Looks like the authorization server is not compatible with a certificate-generated RSA key. I am badly stuck here. The base branch used to create the project is https://github.com/jgrandja/spring-authorization-server/tree/jwt-client-authn/samples/default-authorizationserver

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.util.Date;
import java.util.UUID;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;

// pathPKCS12 and pwdPKCS12 (keystore path and password) are defined elsewhere.
InputStream fm = new FileInputStream(pathPKCS12);
KeyStore keystore = KeyStore.getInstance("PKCS12");
keystore.load(fm, pwdPKCS12.toCharArray());
// The first alias is used for both the private key entry and its certificate.
String alias = keystore.aliases().nextElement();
Key key = keystore.getKey(alias, pwdPKCS12.toCharArray());
Certificate cert = keystore.getCertificate(alias);
PublicKey publicKey = cert.getPublicKey();
KeyPair keyPair = new KeyPair(publicKey, (PrivateKey) key);
fm.close();
RSAPublicKey rsaPublicKey = (RSAPublicKey) keyPair.getPublic();
RSAPrivateKey rsaPrivateKey = (RSAPrivateKey) keyPair.getPrivate();
Instant now = Instant.now();
// The JWT signature algorithm we will be using to sign the token
SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.RS256;
String jwt = Jwts.builder()
        .setAudience("https://localhost:9000")
        .setIssuedAt(Date.from(now))
        .setExpiration(Date.from(now.plus(5L, ChronoUnit.DAYS)))
        .setIssuer("profinch")
        .setSubject("profinch")
        .setId(UUID.randomUUID().toString())
        .signWith(signatureAlgorithm, rsaPrivateKey) // jjwt 0.9.x form; deprecated in later versions
        .compact();
System.out.println(jwt);
```
Also in auth-server and jwkSetUrl I am using the below logic:

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.*;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.UUID;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jose.jwk.source.JWKSource;
import com.nimbusds.jose.proc.SecurityContext;
import org.springframework.context.annotation.Bean;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.util.ResourceUtils;

// The published JWK Set contains the single RSA key loaded from the PKCS12 keystore.
@Bean
public JWKSource<SecurityContext> jwkSource() throws UnrecoverableKeyException, KeyStoreException,
        NoSuchAlgorithmException, CertificateException, IOException, JOSEException {
    RSAKey rsaKey = generateRsaFromCertificate();
    JWKSet jwkSet = new JWKSet(rsaKey);
    return (jwkSelector, securityContext) -> jwkSelector.select(jwkSet);
}

@Bean
public JwtDecoder jwtDecoder(JWKSource
// (the remainder of this method was cut off in the post)

// configurableEnvironment is an injected org.springframework.core.env.ConfigurableEnvironment.
public RSAKey generateRsaFromCertificate() throws KeyStoreException, NoSuchAlgorithmException,
        CertificateException, IOException, UnrecoverableKeyException {
    String pathPKCS12 = configurableEnvironment.getProperty("OAUTH_PKCS12_PATH");
    String pwdPKCS12 = configurableEnvironment.getProperty("OAUTH_PKCS12_PWD");
    // String pathPKCS12 = "classpath:keystore/mercury.p12";
    // String pwdPKCS12 = "mercury";
    File file = ResourceUtils.getFile(pathPKCS12);
    InputStream fm = new FileInputStream(file);
    KeyStore keystore = KeyStore.getInstance("PKCS12");
    keystore.load(fm, pwdPKCS12.toCharArray());
    // The first alias is used for both the private key entry and its certificate.
    String alias = keystore.aliases().nextElement();
    Key key = keystore.getKey(alias, pwdPKCS12.toCharArray());
    Certificate cert = keystore.getCertificate(alias);
    PublicKey publicKey = cert.getPublicKey();
    KeyPair keyPair = new KeyPair(publicKey, (PrivateKey) key);
    RSAPublicKey rsaPublicKey = (RSAPublicKey) keyPair.getPublic();
    RSAPrivateKey rsaPrivateKey = (RSAPrivateKey) keyPair.getPrivate();
    fm.close();
    // @formatter:off
    return new RSAKey.Builder(rsaPublicKey)
            .privateKey(rsaPrivateKey)
            .keyID(UUID.randomUUID().toString())
            .build();
    // @formatter:on
}
```
The error is below:

The Postman request (x-www-form-urlencoded) is:

```
client_assertion_type: urn:ietf:params:oauth:client-assertion-type:jwt-bearer
client_assertion: eyJhbGciOiJSUzI1NiJ9.eyJhdWQiOiJodHRwczovL2xvY2FsaG9zdDo5MDAwIiwiaWF0IjoxNjc1NTY3ODE3LCJleHAiOjE2NzU5OTk4MTcsImlzcyI6InByb2ZpbmNoIiwic3ViIjoicHJvZmluY2giLCJqdGkiOiIzODMwN2U1My1iYTU3LTQyMGUtOTExZi1lZDkzMmQ0ZGZmMDQifQ.cy4SOSCYa1s24UHosXwhskhUl3bIag_ZXnY7XKVY8SjLO65YLYOT8oHKbKhsAx_l47m7Tk3LBKIYYDOnORgfWCXDxyYdiTB-OKwTcPg6oHQu4323f38Wyb_4gOt56CGJnu45HOhnYNIll9VhvH_TJcFcSWzp4G5XTakA_ZfvdybhcB3hq8vxyd6_HStz24QxKFYUZZEC70vOCgExfNW6mMGEuL0bRHy6SnaJ1TfyjJD_3Mz9VKGdNry7Dr2cfQ9y1xro_LdAU3oZ97YQLeSStB-lOo--r7f4sUAYdX6ahrJwm8AgD6GugQqO-LGB15T0xdXGqXJrED2iC1Vr1BgblA
```
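A self-contained example, added here and not code from the issue or from Spring Authorization Server, of building a private_key_jwt client assertion with Nimbus JOSE+JWT and pre-checking it locally the way a token endpoint following RFC 7523 section 3 does: iss and sub equal to the client_id, aud naming the token endpoint (Spring Authorization Server compares it with its own token endpoint URL), a short exp and a unique jti. The client_id, the token endpoint URL and the in-memory RSA key pair that stands in for the PKCS12 entry are assumptions.

```java
import com.nimbusds.jose.*;
import com.nimbusds.jose.crypto.*;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jwt.*;
import java.security.*;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.time.Instant;
import java.util.*;

public class ClientAssertionCheck {
    // Assumed registration values (placeholders, not taken from the issue).
    static final String CLIENT_ID = "messaging-client";
    static final String TOKEN_ENDPOINT = "http://localhost:9000/oauth2/token";

    // RFC 7523 section 3 shape: iss and sub are the client_id, aud names the token
    // endpoint, exp is short (limits the replay window), jti is unique per request.
    static String buildAssertion(RSAKey signingKey) throws JOSEException {
        Instant now = Instant.now();
        JWTClaimsSet claims = new JWTClaimsSet.Builder()
                .issuer(CLIENT_ID).subject(CLIENT_ID).audience(TOKEN_ENDPOINT)
                .jwtID(UUID.randomUUID().toString()).issueTime(Date.from(now))
                .expirationTime(Date.from(now.plusSeconds(60))).build();
        // kid must match the key the client publishes in its JWK Set.
        JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS256)
                .keyID(signingKey.getKeyID()).build();
        SignedJWT jwt = new SignedJWT(header, claims);
        jwt.sign(new RSASSASigner(signingKey));
        return jwt.serialize();
    }

    // Local pre-flight check: signature against the public JWK, then the claim
    // constraints the token endpoint enforces before it accepts the assertion.
    static boolean acceptableToServer(String assertion, RSAKey publicJwk) throws Exception {
        SignedJWT jwt = SignedJWT.parse(assertion);
        if (!jwt.verify(new RSASSAVerifier(publicJwk))) return false;
        JWTClaimsSet c = jwt.getJWTClaimsSet();
        return CLIENT_ID.equals(c.getIssuer()) && CLIENT_ID.equals(c.getSubject())
                && c.getAudience().contains(TOKEN_ENDPOINT)
                && c.getExpirationTime() != null && c.getExpirationTime().after(new Date());
    }

    public static void main(String[] args) throws Exception {
        // Constructed in-memory key pair standing in for the PKCS12 entry in the issue.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair();
        RSAKey key = new RSAKey.Builder((RSAPublicKey) kp.getPublic())
                .privateKey((RSAPrivateKey) kp.getPrivate()).keyID(UUID.randomUUID().toString()).build();
        System.out.println("accepted locally: " + acceptableToServer(buildAssertion(key), key.toPublicJWK()));
    }
}
```

Swapping the constructed key pair for the keystore entry loaded in the issue, and the two constants for the registered client_id and the server's token endpoint, turns this into a check you can run before sending the request.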
Comment From: sjohnr
@LepakshV, thanks for getting in touch, but it feels like this is a question that would be better suited to Stack Overflow. We prefer to use GitHub issues only for bugs and enhancements. Feel free to update this issue with a link to the re-posted question (so that other people can find it) or add a minimal sample that reproduces this issue if you feel this is a genuine bug.
Additionally, please be aware that this is the second time (gh-12619) you've opened an issue asking a question. @jgrandja has already attempted to provide resources to assist your efforts, and we would ask that you spend some time working through the issues. If you're stuck, please ask your questions on Stack Overflow. Please be respectful of the community and refrain from asking for support on this issue tracker, as it is not a support forum.
Comment From: LepakshV
@sjohnr @jgrandja Thank you for your time. I have created a support question at https://stackoverflow.com/questions/75368745/unable-to-get-access-token-refresh-token-using-client-assertion-in-spring-oauth