Unable to validate RSA256 access token

priya.sharma.9362 · December 7, 2017, 8:23pm

This is the code to validate the token

String token = “eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXUyJ9.eyJpc3MiOiJhdXRoMCJ9.AbIJTDMFc7yUa5MhvcP03nJPyCPzZtQcGEp-zWfOkEE”;

RSAPublicKey publicKey = //Get the key instance

RSAPrivateKey privateKey = //Get the key instance

try {

Algorithm algorithm = Algorithm.RSA256(publicKey, privateKey);

JWTVerifier verifier = JWT.require(algorithm)

    .withIssuer("auth0")

    .build(); //Reusable verifier instance

DecodedJWT jwt = verifier.verify(token);

} catch (JWTVerificationException exception){

//Invalid signature/claims

}
the public key is the client certificate

Q1) but from where will we get the private key

Q2) how can we assign values to the public and private key variables?

Q3) should we store the public key in a pem file locally?

priya.sharma.9362 · December 11, 2017, 6:31pm

Hello All,
I have finally got the solution after exploring a few discussions and docs, so just thought of sharing it with the community.

We can validate an RS256 token using the above code by passing the public key only.
The public key can be retrieved from the JSON key set using the Kid.
JSON key set is available here,

https://your-domain/.well-known/jwks.json

Thanks!

Topic		Replies	Views
Where is the RSA public key? Help login-experience , new-universal-login-experience	2	1150	December 14, 2023
If we can not get the private key when use choose RSA256 as JWT signature algorithm JWT.io private-key	2	8264	March 28, 2019
Verify RS256-signed JWT tokens Help oauth-2-0 , protocols	2	1544	March 29, 2023
Verify JWT token received from auth0 JWT.io jwt , auth0	4	21874	January 12, 2020
How to validate the jwt on server? Help login-experience , new-universal-login-experience	2	2891	August 18, 2023

Unable to validate RSA256 access token

Related topics