Authentication using an OAuth 2/JWT token failed: {error,key_not_found}

[aggarwalsh]

Authentication using an OAuth 2/JWT token failed: {error,key_not_found}

[aggarwalsh]

The exact issue in the log is "Authentication using an OAuth 2/JWT token failed: {error,key_not_found}". And this is my advanced config file.
[
%% Enable rabbit_auth_backend_oauth2
{rabbit, [
{auth_backends, [rabbit_auth_backend_oauth2, rabbit_auth_backend_internal]},
{log,[
{console,[
{level,debug},
{enabled,true}
]}
]},
{ssl_listeners, [5671]},
{ssl_options, [{cacertfile,"D:/RabbitMQ/ati-rootcertificate.pem"},
{certfile,"D:/RabbitMQ/certificate-1080.pem"},
{keyfile,"D:/RabbitMQ/certificate-1080_key.pem"},
{verify, verify_none},
{fail_if_no_peer_cert, false},
{password, ""}]},
{config_entry_decoder, [ {passphrase, <<"passphrase">>}]}
]},
{rabbitmq_management, [{listener, [{port, 15671},
{ssl, true},
{ssl_opts, [{cacertfile, "D:/RabbitMQ/rootcertificate.pem"},
{certfile, "D:/RabbitMQ/certificate-14080.pem"},
{keyfile, "D:/RabbitMQ/certificate-14080_key.pem"},
{password, ""}]}]}
]},

%% Set a resource server ID. Will require all scopes to be prefixed with rabbitmq.
{rabbitmq_auth_backend_oauth2, [
{resource_server_id, <<"rabbitmq">>},
%% UAA signing key configuration
{key_config, [
{default_key, <<"a-key-ID">>},
{signing_keys, #{
<<"a-key-ID">> => {pem, <<"-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA40fWrpnnuccnZJMq7wAA
nW9BSzvjNmyEpj3w15gYNItInEL3Sc7Ssdsdsdsdsdsjpc4o_S4nub6b0-kyvL3F0kybU1WUhps
9b48Ho-YLM7K5Cb79CCLbHRKJUH_90ZSBDjFKW81nb0Lh7Iq6LiamjzRbqHLnwdR
g_EapFr0FRJLuZd4bE4owwjbsdsdsdsdsaKfJqtwvJd47RNw5B_lnr0YRl6E_6r2Ok9AwMf1c
idsdhNu3T_hs6O95oUBnI4Dgw1egQft0NBgpy9cojwPv5J45Jv-0xdxA2c0FAsWN
HLFS59GAYAbri7p0L-PwPKw1A6PH8e07XDTV73PPJrEA9fG84mmRII36XOw-FOBb
1wIDAQAB
-----END PUBLIC KEY-----
">>}
}}
]}
]}
].

[michaelklishin]

@aggarwalsh as I already explained in a different discussion, this error means that the JWT had a key ID that's unknown to the OAuth 2 plugin (not listed in the config). Often this means a key name mismatch.

[aggarwalsh]

Also, it is saying "Authentication using an OAuth 2/JWT token failed: provided token is invalid" in logs.

[aggarwalsh]

@marcial Rosales Yes the token i am using has "a-key-ID" . The token is as below:

{
"alg": "RS256",
"kid": "a-key-ID",
"typ": "at+jwt"
}
PAYLOAD:DATA

{
"iss": "https://localhost:5004",
"nbf": 1657265145,
"iat": 1657265145,
"exp": 1657351545,
"aud": "rabbitmq",
"scope": [
"rabbitmq.configure:/",
"rabbitmq.read:/",
"rabbitmq.write:/"
],
"client_id": "rqadmin",
"jti": "sdshqjshqhjqhshj"
}