How do I handle parsing JWT tokens using JWKS in Java (Scala)

jgleason · July 20, 2022, 1:54pm

I have the following in my express app

import bearer from "express-oauth2-jwt-bearer";

// Authorization middleware. When used, the Access Token must
// exist and be verified against the Auth0 JSON Web Key Set.
const checkJwt = bearer.auth({
  audience: "https://earth-838.me.dev/node",
  issuerBaseURL: "https://auth.me.dev",
});

const checkScopes = bearer.requiredScopes("access:node");

export {checkJwt, checkScopes};

I am looking for the equivilent in Scala and I came across this basic setup…

    val jwkStore = new JwkStore("{JWKS_FILE_HOST}")
    val keyProvider = new RSAKeyProvider {
      override def getPublicKeyById(s: String): RSAPublicKey = {

      }

      override def getPrivateKey: RSAPrivateKey = {

      }

      override def getPrivateKeyId: String = {

      }
    }

    try {
      val algorithm = Algorithm.RSA256(keyProvider)
      val verifier = JWT.require(algorithm).withIssuer("auth0").build //Reusable verifier instance
      val jwt = verifier.verify(token)
      System.out.println(jwt.getPayload)
    } catch {
      case exception: JWTVerificationException =>

      //Invalid signature/claims
    }

But I am not sure where JwksStore comes from and I am not sure how to handle things. Can someone provide an example?

josiah_devizia · July 20, 2022, 8:10pm

The JWKs, (JSON Web Keys) are found at /.well-known/jwks.json of your auth0 tenant. They are public values and you do not need authorization to request them.

jgleason · July 20, 2022, 8:59pm

Sorry I know what it is and where it is but I dont know how to reference it in the jwt module provided

cumaranathunga · April 8, 2024, 11:36am

Hi can I know that is there a way to read the jks key store and read the public key from it and use that to verify the token instead of calling the endpoint and getting the public key?
Thanks a lot

tyf · April 8, 2024, 8:37pm

Hey @cumaranathunga welcome to the community!

There isn’t a standard alternative method for fetching JWKS. The use of the JWKS endpoint is the recommended and secure way to obtain the necessary keys for token validation. This approach ensures that the keys are always up-to-date and valid, aligning with best practices in OAuth 2.0 and OpenID Connect protocols.

system · April 22, 2024, 8:38pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Basic question about JWKS URL Help login-experience , new-universal-login-experience	4	433	July 30, 2024
Authorization question Help jwt , auth0 , api	1	1612	June 8, 2022
Validate access token failing Help apis , application	10	876	January 17, 2024
Verify JWT token received from auth0 JWT.io jwt , auth0	4	21774	January 12, 2020
Feedback on Caching JWKS for JWT Verification in Ruby Help apis , application	2	80	July 15, 2024

How do I handle parsing JWT tokens using JWKS in Java (Scala)

Related Topics