<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D50Z00008G7UsPSAVOkta Classic EngineSingle Sign-OnAnswered2024-03-25T21:47:43.000Z2016-11-18T13:56:23.000Z2017-06-29T01:56:41.000Z

Parth Swadas (Customer) asked a question.

Edited by varun.kavoori1.5210444522562532E12 September 5, 2018 at 1:19 AM
JWT verification fails for OIDC Web application.
Hello,

 

We are implementing OIDC Web for our internal application.

 

We are getting JWT key signature validation failure.

 

We have received 2 kid from https://unibet.okta.com/oauth2/v1/keys which is the public-key used to verify the id_token. We have observed the kid in JWT payload is different from kid received from /oauth2/v1/keys URL. So ID token key signature fails.

 

Little background for application : We have implemented Spring security oauth2.0 framework

 

Please suggest.
  • 5 answers
  • 1.45K views
oq69j and WebTeamDEV like this.

  • qjnro (qjnro)

    Hi. I am having the same problem. Were you ever able to solve this?

     

    Thanks!

  • Parth Swadas (Customer)

    Hi Mark,

     

    You will receive 2 tokens id_token and auth_token from OKTA. You should be able to verify id_token with correct setup.

     

    There is a separate license for auth_token verification (which can be used for authorization purpose).

     

    From SSO prospective, i think if you can verify id_token, that should suffice.

     

    /Parth
    Expand Post

  • WebTeamDEV (Customer)

    I am facing the same issue, is there a code sample on how to verify the token id. This post by Parth says yes, please provide the documentation.

  • PradeepK.70287 (Customer)

    I am also facing the same issue, @Parth Swadas - but from your response not able to figure out how you fixed it. Can  you please help elaborating how it has been fixed
This question is closed.
Loading
JWT verification fails for OIDC Web application.