
How does one deal with JWT Token Validation from a JavaScript client in a Servlet Filter w/o Spring?



This example is woefully underdocumented.

From this page:

Where and how do I get/set the public/private key? When an accessToken is generated in my JavaScript client and passed to me?
How do I secure a RESTful endpoint, and why doesn’t the generated war file just deal with this case automatically? i.e. passing around accessTokens, idTokens and all the other values that my JavaScript client generated.

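import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.auth0.jwt.interfaces.DecodedJWT;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;

String token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXUyJ9.eyJpc3MiOiJhdXRoMCJ9.AbIJTDMFc7yUa5MhvcP03nJPyCPzZtQcGEp-zWfOkEE";
RSAPublicKey publicKey = // Get the key instance
RSAPrivateKey privateKey = // Get the key instance
try {
    Algorithm algorithm = Algorithm.RSA256(publicKey, privateKey);
    JWTVerifier verifier = JWT.require(algorithm)
        .build(); // Reusable verifier instance
    DecodedJWT jwt = verifier.verify(token);
} catch (JWTVerificationException exception) {
    // Invalid signature/claims
}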
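
An added example (not from the original post or the java-jwt README): a plain `javax.servlet` filter, no Spring, that verifies the bearer token with java-jwt and looks up the RSA public key by `kid` from the issuer's JWKS endpoint through the jwks-rsa library, so the server never needs a private key. The class name, issuer, audience and the `jwt` request attribute are placeholders, and it assumes RS256-signed tokens whose issuer publishes its keys at `/.well-known/jwks.json`.

```java
import com.auth0.jwk.*;
import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.auth0.jwt.interfaces.RSAKeyProvider;
import java.io.IOException;
import java.security.interfaces.*;
import java.util.concurrent.TimeUnit;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example; ISSUER and AUDIENCE are placeholders, JwtAuthFilter is a hypothetical name.
public class JwtAuthFilter implements Filter {
    private static final String ISSUER = "https://your-tenant.example.com/";
    private static final String AUDIENCE = "https://api.example.com/";
    private JWTVerifier verifier; // reusable, built once in init()

    @Override public void init(FilterConfig cfg) {
        // Public keys come from the issuer's JWKS document; the private key stays with the issuer.
        JwkProvider jwks = new JwkProviderBuilder(ISSUER).cached(10, 24, TimeUnit.HOURS).build();
        RSAKeyProvider keys = new RSAKeyProvider() {
            @Override public RSAPublicKey getPublicKeyById(String kid) {
                try { return (RSAPublicKey) jwks.get(kid).getPublicKey(); }
                catch (JwkException e) { return null; } // unknown kid: verify() then fails
            }
            @Override public RSAPrivateKey getPrivateKey() { return null; } // verify only
            @Override public String getPrivateKeyId() { return null; }
        };
        // Pinning RS256 here rejects tokens whose header names any other algorithm.
        verifier = JWT.require(Algorithm.RSA256(keys))
                .withIssuer(ISSUER).withAudience(AUDIENCE).build();
    }

    @Override public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        String h = ((HttpServletRequest) req).getHeader("Authorization");
        try {
            if (h == null || !h.startsWith("Bearer ")) throw new JWTVerificationException("no bearer token");
            req.setAttribute("jwt", verifier.verify(h.substring(7))); // checks signature, exp, iss, aud
        } catch (JWTVerificationException e) {
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        chain.doFilter(req, res);
    }

    @Override public void destroy() { }
}
```

Register the filter for the protected URL pattern in `web.xml` or with `@WebFilter`; downstream servlets can then read the verified `DecodedJWT` from the `jwt` request attribute.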