How do I handle parsing JWT tokens using JWKS in Java (Scala)

jgleason · July 20, 2022, 1:54pm

I have the following in my express app

import bearer from "express-oauth2-jwt-bearer";

// Authorization middleware. When used, the Access Token must
// exist and be verified against the Auth0 JSON Web Key Set.
const checkJwt = bearer.auth({
  audience: "https://earth-838.me.dev/node",
  issuerBaseURL: "https://auth.me.dev",
});

const checkScopes = bearer.requiredScopes("access:node");

export {checkJwt, checkScopes};

I am looking for the equivilent in Scala and I came across this basic setup…

    val jwkStore = new JwkStore("{JWKS_FILE_HOST}")
    val keyProvider = new RSAKeyProvider {
      override def getPublicKeyById(s: String): RSAPublicKey = {

      }

      override def getPrivateKey: RSAPrivateKey = {

      }

      override def getPrivateKeyId: String = {

      }
    }

    try {
      val algorithm = Algorithm.RSA256(keyProvider)
      val verifier = JWT.require(algorithm).withIssuer("auth0").build //Reusable verifier instance
      val jwt = verifier.verify(token)
      System.out.println(jwt.getPayload)
    } catch {
      case exception: JWTVerificationException =>

      //Invalid signature/claims
    }

But I am not sure where JwksStore comes from and I am not sure how to handle things. Can someone provide an example?

josiah_devizia · July 20, 2022, 8:10pm

The JWKs, (JSON Web Keys) are found at /.well-known/jwks.json of your auth0 tenant. They are public values and you do not need authorization to request them.

jgleason · July 20, 2022, 8:59pm

Sorry I know what it is and where it is but I dont know how to reference it in the jwt module provided

cumaranathunga · April 8, 2024, 11:36am

Hi can I know that is there a way to read the jks key store and read the public key from it and use that to verify the token instead of calling the endpoint and getting the public key?
Thanks a lot

tyf · April 8, 2024, 8:37pm

Hey @cumaranathunga welcome to the community!

There isn’t a standard alternative method for fetching JWKS. The use of the JWKS endpoint is the recommended and secure way to obtain the necessary keys for token validation. This approach ensures that the keys are always up-to-date and valid, aligning with best practices in OAuth 2.0 and OpenID Connect protocols.

system · April 22, 2024, 8:38pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Need help converting Javascript JWT parsing into Java using Auth0 libs JWT.io jwt , javascript , java , java-jwt-support-doc	1	3266	August 4, 2020
RSA256/JWKS JWT validation using Auth0's `java-jwt` and `jwks-rsa-java` Help java-jwt-support-doc	5	21692	October 17, 2022
Problem validating JWT with X509 cert/pubkey from /jwks JWT.io api , certificate , jwt-validation	12	23137	November 8, 2022
Access token fails validation Help	4	6380	January 27, 2019
[Solved]JwksError: Not found.(i don't know why) Help jwks	2	3699	January 23, 2021

How do I handle parsing JWT tokens using JWKS in Java (Scala)

Related Topics