JimJ.64988 (Veracode) asked a question.
JwtVerifiers idTokenVerifierBuilder does not have setAudience() so the validation fails
JwtVerifiers idTokenVerifierBuilder() does not have setAudience() so the validation fails with an error of an invalidate audience of "placeholder". My ID Okta token does have an audience in it and it's not placeholder.
It's odd that the accessTokenVerifier allows me to set the audience, but the idTokenVerifier doesn't.
I'm using version 0.5.11 of com.okta.jwt:okta-jwt-verifier.
Is this a bug with okta-jwt-verifier? Or is there a different way of validating ID tokens?
Hello @JimJ.64988 (Veracode) , thank you for contacting Okta Community!
I've reviewed our documentation for something relevant. It looks like your question is more appropriate for our dedicated Okta Developer Forum. I advise reaching out via devforum.okta.com as they will have more insight into this topic.
In the meantime, you can reference this similar post from Okta Developer:
Verify JWT token server side, Error: “Unable to verify the JWS”
While we'll do our best to answer your questions here, this medium is more inclined towards Okta's core products and features (non-developer work).
Regards.
--
Help others in the community by liking or hitting Select as Best if this response helped you.