azure active directory – Spring ResourceServer azuread jwt validation

I want to validate the jwt from azuread (login.live.com) with spring resource server. What are the application.yaml properties in that case?

I couldn’t find an example / the properties on the official spring doc neither on the azuread docs

current application:yaml

spring:
  application:
    name: test
  security:
    oauth2:
      resourceserver:
        jwt:
          issuer-uri: unknown
          jwk-set-uri: unknown

Security Config:

@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
    http
            .authorizeHttpRequests(authorize ->
                    authorize
                            .requestMatchers("/auth/**").authenticated()
                            .anyRequest().permitAll()
            )
            .csrf(AbstractHttpConfigurer::disable)
            .sessionManagement(httpSecuritySessionManagementConfigurer ->
                    httpSecuritySessionManagementConfigurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .oauth2ResourceServer((oauth2) ->
                    oauth2.jwt(Customizer.withDefaults()));
    return http.build();
}

Read more here: Source link