Hi ! I recently tried the impersonation feature in dashboard, using client side link. My SPA get the generated idToken and send it to my API, which check the token ‘kid’ against my remote jwks JSON file. However, I get an error as the kid is not present, as well as many informations like email, f…

@ValdoGhafoor The kid from the JWKS (in fact, the JWKS itself) is only used to validate RS256 ID tokens. If you’re using HS256 (which your screenshot shows and my test using the Sign In as User in the Dashboard confirms) then the ID token is validated using the Client Secret for that application. S…

Hey there @ValdoGhafoor , if you decode your JWT file do you see the kid prop come across? I have included a JWT decoder below, thanks! [image] JWT.IO JSON Web Tokens are an open, industry standard RFC 7519 method for representing claims securely between two parties. …

I noticed that with scope at “profile email openid”, i have informations I was looking for like email, firstname …etc bust still get a missing kid

I don’t understand your answer. The answer your linked is just confirming that I need the kid in the token to validate it. And my problem is that the kid is missing from the token

Let me try to explain this better, after looking at your endpoint with support, we were able to verify you only have one key associated with your account. When leveraging a kid property, it is used to identify one specific key identifier from within that list. Since you only have one, this should no…

Thanks for your answer. For me it looks like a security issue. I’m checking the kid of the token against the one on the endpoint to verify its signature. Why wouldn’t it be needed in my case ? Are you trying to say that checking the kid is useless because we have only one key on the endpoint ?

idToken generated by impersonation does not contains 'kid' property

JWT.io

James.Morrison February 13, 2019, 11:13pm 6

I was able to find some more details relating to the kid property via an older community post. It may not be needed for what you are trying to accomplish. I have put a link below to the topic. Please let me know if this helps in your quest, thanks!

Topic		Replies	Views
What is the origin of the "kid" claim in the JWT? Get Help jwt	6	15097	March 2, 2018
JWK presented in kid not listed in jwks.json Get Help jwt , auth0	2	3705	August 26, 2019
Access token kid Get Help	5	10626	June 29, 2020
Problem verifying ID token Get Help jwt , id_token	2	3451	August 26, 2019
Is it possible to return JWT Header''s KID field in AuthResult returned after Authentication? Get Help jwks , authentication , jwt-validation , openidconnect	4	5809	March 2, 2018

idToken generated by impersonation does not contains 'kid' property

Related topics