To visually verify RS256-signed tokens

martin617 · June 18, 2024, 5:26pm

Hello,

On the Auth0 documentation page ‘Validate JSON Web Tokens’ (https://auth0.com/docs/secure/tokens/json-web-tokens/validate-json-web-tokens), it would have saved me a few hours of time if the instruction steps in the section ‘Verify RS256-signed tokens’ had been more clear.

The instructed download step of the certificate returns a cert.pem file (BEGIN/END CERTIFICATE). This needs to be turned into a pubkey.pem file (BEGIN/END PUBLIC KEY), before proceeding.

Command: openssl x509 -pubkey -noout -in cert.pem > pubkey.pem

rueben.tiow · June 26, 2024, 7:24pm

Hi @martin617,

Thanks for letting us know that the instructions in our documentation are unclear. I will pass this information back to our docs team.

Also, thank you for sharing the command that helped you convert the cert to a public key.

I would also add that you can get the public key from your tenant’s JWKS:
https://{yourDomain}/.well-known/jwks.json

On that page, you can copy one of the objects in the keys array and include them in your public key signature. This should produce a verified signature.

I hope that helps!

Thanks,
Rueben

Topic		Replies	Views
Verify RS256-signed JWT tokens Get Help oauth-2-0 , protocols	2	1903	March 29, 2023
Where is the Auth0 public key to be used in jwt.io to verify the signature of a RS256 token? Get Help auth0 , certificate , jwtio , rsa	6	43054	September 15, 2022
Unable to validate RSA256 access token Get Help rsa256 , verify-token	2	5087	March 2, 2018
How to validate the jwt on server? Get Help login-experience , new-universal-login-experience	2	3463	August 18, 2023
Where is the RSA public key? Get Help login-experience , new-universal-login-experience	2	1825	December 14, 2023

To visually verify RS256-signed tokens

Related topics