I signed up for Auth0 and created an application and API. The code base we have is okd version JAX-RS and I haven’t been able to use the quickstarts. So I would like to use java-jwt to verify the token in the API.
However, so setup java-jwt you need the public and private key RSA keys.
Why do I need the to supply the keys? shouldn’t the library get them from the “well-known” urls?
Why would I need the private key at all to verify jwt tokens?
This library does not support obtaining keys from a JWKS endpoint (well-known) - You could utilize our jwks-rsa-java as well to implement obtaining keys. See this documentation as well.
I don’t believe the private key is required - Have you tried omitting it or simply passing null?