
Unable to validate RSA256 access token



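This is the code to validate the token:

```java
import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.auth0.jwt.interfaces.DecodedJWT;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;

String token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXUyJ9.eyJpc3MiOiJhdXRoMCJ9.AbIJTDMFc7yUa5MhvcP03nJPyCPzZtQcGEp-zWfOkEE";
RSAPublicKey publicKey = //Get the key instance
RSAPrivateKey privateKey = //Get the key instance
try {
    Algorithm algorithm = Algorithm.RSA256(publicKey, privateKey);
    JWTVerifier verifier = JWT.require(algorithm)
        .build(); //Reusable verifier instance
    DecodedJWT jwt = verifier.verify(token);
} catch (JWTVerificationException exception) {
    //Invalid signature/claims
}
```
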
The public key is the client certificate.

Q1) But from where will we get the private key?

Q2) How can we assign values to the public and private key variables?

Q3) Should we store the public key in a PEM file locally?


Hello All,
I have finally got the solution after exploring a few discussions and docs, so just thought of sharing it with the community.

We can validate an RS256 token using the above code by passing the public key only.
The public key can be retrieved from the JSON key set using the `kid`.
JSON key set is available here,
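
The following is an added example, not code from the original posts or from Auth0. It shows RS256 verification with the public key only, selected by the token's `kid`. It assumes `com.auth0:java-jwt` is on the classpath; the in-memory `keySet` map, the key IDs and the locally generated key pairs are constructed stand-ins for the published JSON key set and the real issuer.

```java
import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTVerificationException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Map;

public class Rs256KidDemo {
    // Constructed stand-in for the JSON key set: kid -> public key.
    static Map<String, RSAPublicKey> keySet;

    static boolean isValid(String token) {
        try {
            // decode() only parses the header and payload; nothing is trusted yet.
            String kid = JWT.decode(token).getKeyId();
            RSAPublicKey publicKey = (kid == null) ? null : keySet.get(kid);
            if (publicKey == null) return false; // unknown or missing kid: reject
            // The verifier never needs the private key, so pass null for it.
            // The algorithm is fixed to RS256 here, not taken from the token header.
            Algorithm algorithm = Algorithm.RSA256(publicKey, null);
            JWT.require(algorithm).withIssuer("auth0").build().verify(token);
            return true;
        } catch (JWTVerificationException e) {
            return false; // malformed token, bad signature or failed claim check
        }
    }

    // Issuer side only: signing is the one place the private key is used.
    static String sign(KeyPair keys, String kid) {
        Algorithm algorithm = Algorithm.RSA256(
            (RSAPublicKey) keys.getPublic(), (RSAPrivateKey) keys.getPrivate());
        return JWT.create().withKeyId(kid).withIssuer("auth0").sign(algorithm);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(2048);
        KeyPair issuer = generator.generateKeyPair(); // plays the token issuer
        KeyPair other = generator.generateKeyPair();  // unrelated key pair
        keySet = Map.of("demo-key-1", (RSAPublicKey) issuer.getPublic());

        System.out.println("issuer key, known kid:   " + isValid(sign(issuer, "demo-key-1")));
        System.out.println("other key, known kid:    " + isValid(sign(other, "demo-key-1")));
        System.out.println("issuer key, unknown kid: " + isValid(sign(issuer, "demo-key-2")));
    }
}
```

Only the first token is accepted: the second carries a known `kid` but was signed with a different private key, and the third names a `kid` that is not in the key set.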