To visually verify RS256-signed tokens

Hello,

On the Auth0 documentation page ‘Validate JSON Web Tokens’ (https://auth0.com/docs/secure/tokens/json-web-tokens/validate-json-web-tokens), it would have saved me a few hours of time if the instruction steps in the section ‘Verify RS256-signed tokens’ had been more clear.

The instructed download step of the certificate returns a cert.pem file (BEGIN/END CERTIFICATE). This needs to be turned into a pubkey.pem file (BEGIN/END PUBLIC KEY), before proceeding.

Command: openssl x509 -pubkey -noout -in cert.pem > pubkey.pem

Hi @martin617,

Thanks for letting us know that the instructions in our documentation are unclear. I will pass this information back to our docs team.

Also, thank you for sharing the command that helped you convert the cert to a public key.

I would also add that you can get the public key from your tenant’s JWKS:
https://{yourDomain}/.well-known/jwks.json

On that page, you can copy one of the objects in the keys array and include it in your public key signature. This should produce a verified signature.

I hope that helps!

Thanks,
Rueben
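
The conversion step discussed in this thread, carried through to an actual RS256 signature check with openssl, as an added example that is not part of either post or of the Auth0 documentation. The function names, the throwaway key, the self-signed certificate and the token are constructed for illustration; it assumes openssl is on PATH.

```shell
# Added example, not from the thread. Assumes openssl is on PATH.
b64url_encode() { openssl base64 -A | tr '/+' '_-' | tr -d '='; }

b64url_decode() (  # base64url string -> raw bytes on stdout
  s=$(printf '%s' "$1" | tr '_-' '/+')
  case $(( ${#s} % 4 )) in 2) s="$s==";; 3) s="$s=";; esac
  printf '%s' "$s" | openssl base64 -d -A
)

# verify_rs256 <jwt> <cert.pem>: exit 0 only if the RS256 signature verifies.
verify_rs256() (
  token=$1 cert=$2
  case $token in *.*.*.*) exit 2;; *.*.*) ;; *) exit 2;; esac
  tmp=$(mktemp -d) || exit 2
  trap 'rm -rf "$tmp"' EXIT
  # Pin the algorithm; never let the token's own header choose it.
  b64url_decode "${token%%.*}" | grep -q '"alg" *: *"RS256"' || exit 2
  # The step from the thread: CERTIFICATE -> PUBLIC KEY.
  openssl x509 -pubkey -noout -in "$cert" > "$tmp/pubkey.pem" || exit 2
  b64url_decode "${token##*.}" > "$tmp/sig.bin" || exit 2
  # The signature covers the ASCII bytes of "header.payload".
  printf '%s' "${token%.*}" |
    openssl dgst -sha256 -verify "$tmp/pubkey.pem" \
      -signature "$tmp/sig.bin" >/dev/null 2>&1
)

# Constructed sample: throwaway key, self-signed cert, and a token signed with it.
make_demo() (
  dir=$1
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$dir/key.pem" \
    -out "$dir/cert.pem" -subj "/CN=example.invalid" -days 1 \
    >/dev/null 2>&1 || exit 1
  h=$(printf '%s' '{"alg":"RS256","typ":"JWT"}' | b64url_encode)
  p=$(printf '%s' '{"sub":"constructed-user"}' | b64url_encode)
  s=$(printf '%s' "$h.$p" |
      openssl dgst -sha256 -sign "$dir/key.pem" | b64url_encode)
  printf '%s' "$h.$p.$s"
)

demo_dir=$(mktemp -d)
demo_token=$(make_demo "$demo_dir")
verify_rs256 "$demo_token" "$demo_dir/cert.pem" && echo "signature verified"
rm -rf "$demo_dir"
```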
