I'm trying to test the API protection flow but I don't know where to set private key for the JWT token

Hi there. I’m new to all the authentication flows and I’m trying the Test steps located in my dashboard/applications/APIs section. The bearer token returned from the authentication link(https://dev-xxx.us.auth0.com/oauth/token) should be able to be decoded. But the Java function for configuring algorithms(Algorithm RSA256(RSAPublicKey, RSAPrivateKey)) requires both keys.

Is it an enterprise tier feature? If not, where can I find both keys?

Hey there @liurunlin0213 welcome to the community!

Are you sure the function you are looking at isn’t for signing a token rather than validating it? Typically, in order to verify a token you just need the public key which can be found at https://{your_domain}/.well-known/jwks.json - See JSON Web Key Sets for more info.

We have a Java quickstart using Springboot which may be helpful just for demonstration purposes:

https://auth0.com/docs/quickstart/backend/java-spring-security5#validate-access-tokens

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.