I want to verify the JWT token returned by Auth0 on the server side using Java. For that I am using the Auth0 java-jwt library. This is the example code they are providing.
This is the exception I am getting:
java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: IOException: ObjectIdentifier() -- data isn't an object ID (tag = -96)
at sun.security.rsa.RSAKeyFactory.engineGeneratePublic(RSAKeyFactory.java:205)
at java.security.KeyFactory.generatePublic(KeyFactory.java:334)
at com.ceino.supportapp.test.JWTClass.getPublicKey(JWTClass.java:93)
at com.ceino.supportapp.test.JWTClass.readPublicKeyFromFile(JWTClass.java:106)
at com.ceino.supportapp.test.JWTClass.main(JWTClass.java:35)
Caused by: java.security.InvalidKeyException: IOException: ObjectIdentifier() -- data isn't an object ID (tag = -96)
at sun.security.x509.X509Key.decode(X509Key.java:397)
at sun.security.x509.X509Key.decode(X509Key.java:402)
at sun.security.rsa.RSAPublicKeyImpl.<init>(RSAPublicKeyImpl.java:86)
at sun.security.rsa.RSAKeyFactory.generatePublic(RSAKeyFactory.java:298)
at sun.security.rsa.RSAKeyFactory.engineGeneratePublic(RSAKeyFactory.java:201)
... 4 more
You could also use the jwks-rsa-java library to retrieve the public key at run time. Here is a complete sample. You need to get the accessToken JWT from the request and add your own tenant URL to make it work.
Make sure, though, that you are also performing further checks such as permissions, standard claims, etc. The code above only does a JWT format check and a signature check. Reference here: Validate Access Tokens
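The approach this answer describes (select the signing key by `kid` from a JWKS, then check the signature together with the issuer and audience claims), as an added example that is not the answerer's original sample or Auth0's own code. The issuer, audience, key id and in-memory key set are constructed stand-ins for a tenant so the example runs offline; it assumes java-jwt and jwks-rsa on the classpath and Java 9 or later.

```java
import com.auth0.jwk.Jwk;
import com.auth0.jwk.JwkException;
import com.auth0.jwk.JwkProvider;
import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.auth0.jwt.interfaces.DecodedJWT;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Base64;
import java.util.Map;

public class AccessTokenCheck {
    // Constructed placeholders: use your tenant's issuer URL and your API identifier.
    static final String ISSUER = "https://tenant.example/";
    static final String AUDIENCE = "https://api.example/";
    // Throws unless signature, issuer and audience all match (exp is enforced when present).
    static DecodedJWT verify(String token, JwkProvider keys) throws JwkException {
        // The header is still unverified here: kid only selects a key from the trusted set.
        String kid = JWT.decode(token).getKeyId();
        RSAPublicKey key = (RSAPublicKey) keys.get(kid).getPublicKey();
        // Pinning RS256 rejects tokens whose header names any other algorithm.
        return JWT.require(Algorithm.RSA256(key, null))
                .withIssuer(ISSUER).withAudience(AUDIENCE)
                .build().verify(token);
    }

    public static void main(String[] args) throws Exception {
        // Local stand-in for the tenant: a throwaway key pair published as a one-entry key set.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair pair = gen.generateKeyPair();
        RSAPublicKey pub = (RSAPublicKey) pair.getPublic();
        Base64.Encoder b64 = Base64.getUrlEncoder().withoutPadding();
        Map<String, Object> jwk = Map.of("kty", "RSA", "kid", "demo-key",
                "n", b64.encodeToString(pub.getModulus().toByteArray()),
                "e", b64.encodeToString(pub.getPublicExponent().toByteArray()));
        JwkProvider keys = kid -> Jwk.fromValues(jwk); // production: UrlJwkProvider with the tenant URL
        Algorithm signer = Algorithm.RSA256(null, (RSAPrivateKey) pair.getPrivate());
        String good = JWT.create().withKeyId("demo-key")
                .withIssuer(ISSUER).withAudience(AUDIENCE).sign(signer);
        String wrongAud = JWT.create().withKeyId("demo-key")
                .withIssuer(ISSUER).withAudience("https://other.example/").sign(signer);
        System.out.println("accepted, iss=" + verify(good, keys).getIssuer());
        try { verify(wrongAud, keys); } catch (JWTVerificationException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

The second token carries a valid signature from the same key and is still rejected, because its audience is not this API's.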