Verify RS256-signed JWT tokens


The article (Validate JSON Web Tokens) says about Public Key. But this key is missing there.

Also I checked the Signing Certificate and got OpenSSL::PKey::RSAError: Neither PUB key nor PRIV key: nested asn1 error. This error means invalid public key.

Could you help me?

Hi @igor.tretyakov,

Welcome to the Auth0 Community!

The “Signing Certificate” field is your public key. We also recommend that you get the Public Key from your tenant’s JWKS here: https://{yourDomain}/.well-known/jwks.json, and it’s available at https://{yourDomain}/.well-known/pem too.

I just tested it and it works correctly for me via all three options listed above. It may simply be a formatting issue with the script you are using. I also suggest for debugging.

1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.