Parth Swadas

JWT verification fails for OIDC Web application.


We are implementing OIDC Web for our internal application.

We are getting a JWT key signature validation failure.

We have received 2 kids from https://unibet.okta.com/oauth2/v1/keys, which is the public key used to verify the id_token. We have observed that the kid in the JWT payload is different from the kid received from the /oauth2/v1/keys URL, so the ID token key signature validation fails.

A little background on the application: we have implemented the Spring Security OAuth 2.0 framework.

Please suggest.
Mark B
Hi. I am having the same problem. Were you ever able to solve this?

Parth Swadas
Hi Mark,

You will receive 2 tokens, id_token and auth_token, from OKTA. You should be able to verify the id_token with the correct setup.

There is a separate license for auth_token verification (which can be used for authorization purposes).

From an SSO perspective, I think if you can verify the id_token, that should suffice.

WebTeam Developer
I am facing the same issue. Is there a code sample on how to verify the token id? This post by Parth says yes; please provide the documentation.
Parth Swadas
This is working well for us now. We're able to verify the token from OKTA endpoints.

The OKTA developer documentation lists the endpoints for OpenID Connect. Please refer to https://developer.okta.com/docs/api/resources/oidc.html#endpoints

Pradeep Kumar
I am also facing the same issue, @Parth Swadas, but from your response I am not able to figure out how you fixed it. Can you please elaborate on how it was fixed?
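
A diagnostic for the `kid` mismatch described in this thread, as an added example that is not from any poster or from Okta: it reads the unverified JWT header and claims, lists the signing keys in a JWKS document, and reports whether the token's `kid` is among them and which OIDC discovery document names the issuer's `jwks_uri`. The token, key IDs and the `idp.example.com` issuer are constructed; signature verification itself is left to the JWT library in use.

```python
import base64
import json

def b64url_json(segment: str) -> dict:
    """Decode one base64url JWT segment (JWTs strip the '=' padding) to a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def encode_segment(obj: dict) -> str:
    """Build a base64url JWT segment; used only to construct the sample token."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def diagnose_kid(id_token: str, jwks: dict) -> dict:
    """Report whether key lookup by kid would succeed. Verifies no signature."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWS with three dot-separated parts")
    header, claims = b64url_json(parts[0]), b64url_json(parts[1])
    # Only RSA signing keys are candidates for an RS256-signed id_token.
    candidates = [k for k in jwks.get("keys", [])
                  if k.get("kty") == "RSA" and k.get("use", "sig") == "sig"]
    match = next((k for k in candidates if k.get("kid") == header.get("kid")), None)
    issuer = claims.get("iss", "").rstrip("/")
    return {
        "token_kid": header.get("kid"),
        "token_alg": header.get("alg"),
        "issuer": issuer,
        "jwks_kids": [k.get("kid") for k in candidates],
        "matched": match is not None,
        # OIDC Discovery: the jwks_uri in this document is the issuer's key set.
        "discovery_url": issuer + "/.well-known/openid-configuration",
    }

# Constructed sample data (not real Okta keys or tokens).
SAMPLE_JWKS = {"keys": [
    {"kty": "RSA", "use": "sig", "kid": "key-A", "n": "placeholder", "e": "AQAB"},
    {"kty": "RSA", "use": "sig", "kid": "key-B", "n": "placeholder", "e": "AQAB"},
]}
SAMPLE_TOKEN = ".".join([
    encode_segment({"alg": "RS256", "kid": "key-C"}),
    encode_segment({"iss": "https://idp.example.com/issuer-b", "sub": "user1"}),
    "c2ln",  # placeholder signature, never checked here
])

if __name__ == "__main__":
    print(json.dumps(diagnose_kid(SAMPLE_TOKEN, SAMPLE_JWKS), indent=2))
```

When `matched` is false against a freshly fetched key set, compare the `jwks_uri` from `discovery_url` with the keys URL the application is configured to use; a stale cached key set after a key rotation produces the same symptom.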