Okta Classic Engine | Authentication | Answered | 2025-01-31T17:05:07.000Z | 2025-01-27T19:09:32.000Z | 2025-01-31T17:05:07.000Z
Create Separate Verification Keys for Third Party JWTs

Hi,

 

We are integrating with a third party system and have the following use case:

 

  1. Provide the system with a JWT with profile fields in the claims
  2. Provide public / private keys for verification.

 

Our team would like to take advantage of the profile data / token creation within Okta, utilizing an ID token with the appropriate claims. We were given a requirement to have a different set of public / private keys to verify this 3rd party token to avoid passing a valid token to our client application to another system.

 

Would the best way to accomplish this be utilizing a new authorization server? Or is there a different method to integrate these apps together?


  • MatthewH.10249 (State of Iowa)

    This is probably a better question for you to ask on the Okta Developer Forum "https://devforum.okta.com/".

     

    That said, here is my two cents if I'm following you correctly. Your app is using Okta via OIDC and you are passing some custom claims (profile data) in the ID token from Okta back to your app and want to pass those values to another 3rd party via a JWT from your app. I don't feel like another authorization server is needed as you could just create your own custom JWT as described in the following post: https://medium.com/code-wave/how-to-make-your-own-jwt-c1a32b5c3898

    Selected as Best
This question is closed.
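
The approach from the answer above, as an added example that is not part of the thread and is not Okta's code: the app re-issues selected profile claims in its own JWT, signed with a key pair used only for the third party, so a token minted for one audience fails verification at the other. The key pair names, issuer URL, audience strings, `kid` and claim names are assumptions; only Node.js built-in `crypto` is used.

```javascript
const crypto = require("node:crypto");

// Assumption: two RSA key pairs. clientAppKeys stands in for whatever signs the
// client application's tokens; thirdPartyKeys is used only for the third party.
const clientAppKeys = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const thirdPartyKeys = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });

const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
const dec = (part) => JSON.parse(Buffer.from(part, "base64url").toString("utf8"));

// Sign claims as an RS256 JWT (RSASSA-PKCS1-v1_5 with SHA-256).
function signJwt(claims, privateKey, kid) {
  const input = `${enc({ alg: "RS256", typ: "JWT", kid })}.${enc(claims)}`;
  const sig = crypto.sign("sha256", Buffer.from(input), privateKey);
  return `${input}.${sig.toString("base64url")}`;
}

// Check the signature first, then audience and expiry; return a reason on failure.
function verifyJwt(token, publicKey, expectedAud, now = Math.floor(Date.now() / 1000)) {
  const parts = token.split(".");
  if (parts.length !== 3) return { ok: false, reason: "malformed" };
  const [h, p, s] = parts;
  let header, claims;
  try {
    header = dec(h);
    claims = dec(p);
  } catch {
    return { ok: false, reason: "malformed" };
  }
  if (header?.alg !== "RS256") return { ok: false, reason: "alg" }; // pin the algorithm
  const sigOk = crypto.verify("sha256", Buffer.from(`${h}.${p}`), publicKey, Buffer.from(s, "base64url"));
  if (!sigOk) return { ok: false, reason: "signature" };
  if (claims?.aud !== expectedAud) return { ok: false, reason: "audience" };
  if (typeof claims.exp !== "number" || claims.exp <= now) return { ok: false, reason: "expired" };
  return { ok: true, claims };
}

// Copy only the profile claims the third party needs from the already
// validated ID token claims, with its own audience and a short lifetime.
function mintThirdPartyToken(idClaims, now = Math.floor(Date.now() / 1000)) {
  const claims = { iss: "https://app.example", aud: "third-party", sub: idClaims.sub,
    email: idClaims.email, iat: now, exp: now + 300 };
  return signJwt(claims, thirdPartyKeys.privateKey, "third-party-2025");
}
```

Only `thirdPartyKeys.publicKey` is handed to the third party; the audience check is a second barrier in case a verifier is ever configured with the wrong key.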