Hi there. I’m new to all the authentication flows and I’m trying the Test steps located in my dashboard/applications/APIs section. The bearer token returned from the authentication link(https://dev-xxx.us.auth0.com/oauth/token) should be able to be decoded. But the Java function for configuring algorithms(Algorithm RSA256(RSAPublicKey, RSAPrivateKey)) requires both keys.
Is it an enterprise tier feature? If not, where can I find both keys?
Are you sure the function you are looking at isn’t for signing a token rather than validating it? Typically, in order to verify a token you just need the public key which can be found at https://{your_domain}/.well-known/jwks.json - See JSON Web Key Sets for more info.
We have a Java quickstart using Springboot which may be helpful just for demonstration purposes: