Where to get Public key for validating a JWT Token in Java or Kotlin

I am using Kotlin with Vert.x at the backend, and the frontend forwards me a JWT token after getting authenticated from OneLogin. Now, I want to make sure that the token is valid, not fake (made up). If I follow the following link, it says that I need a public key to be able to create a JWTAuth object, which I can use to call authenticate for validation. https://vertx.io/docs/vertx-auth-jwt/kotlin/

I need to know where I can get the public key.

Adnan Raza Avatar asked Jun 28 '18 06:06


1 Answer

I don't know about OneLogin, but from their documentation I can see that they are a SAML/OpenID Connect provider, so the public key can easily be retrieved from their configuration. According to their docs, you can locate your instance config at:

https://<subdomain>.onelogin.com/oidc/.well-known/openid-configuration

From this file you should look up the key jwks_uri, which will hold a value like https://acme.onelogin.com/oidc/certs. If you get this URL, you'll have a JSON similar to this:

{
  "keys": [
    {
      "kty": "RSA",
      "kid": "JRcO4nxs5jgc8YdN7I2hLO4V_ql1bdoiMXmcYgHm4Hs",
      "n": "z8fZsz...GHSTAoQw",
      "e": "AQAB"
    }
  ]
}

This file is a JSON Web Key (chain). This JSON can be fed to JWTAuth to load the key and do the validation you need. As a side note, for 3.6 there will be proper OpenID Connect Discovery support in the OAuth2 module, which means you don't need to fiddle with this anymore: just pass the URL of your provider and everything will be properly configured.

Paulo Lopes Avatar answered Oct 17 '22 15:10

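The steps the answer describes (discovery document, jwks_uri, JWKS loaded into JWTAuth, then authenticate) put together as one Kotlin program. This is an added example, not code from the question, the answer, or the Vert.x documentation. It assumes Vert.x 4.x with vertx-web-client and vertx-auth-jwt on the classpath; the subdomain, client id and token value are placeholders, and the function names are my own.

```kotlin
// Added example: assumes Vert.x 4.x (vertx-web-client + vertx-auth-jwt).
// DISCOVERY_URL, CLIENT_ID and the token below are placeholders to replace.
import io.vertx.core.Future
import io.vertx.core.Vertx
import io.vertx.core.json.JsonObject
import io.vertx.ext.auth.JWTOptions
import io.vertx.ext.auth.User
import io.vertx.ext.auth.authentication.TokenCredentials
import io.vertx.ext.auth.jwt.JWTAuth
import io.vertx.ext.auth.jwt.JWTAuthOptions
import io.vertx.ext.web.client.WebClient

// Discovery document of your OneLogin instance (placeholder subdomain).
const val DISCOVERY_URL =
  "https://<subdomain>.onelogin.com/oidc/.well-known/openid-configuration"

// The client id OneLogin issued to your application (placeholder). Tokens
// minted for a different client fail the audience check below.
const val CLIENT_ID = "your-onelogin-client-id"

/**
 * Builds a JWTAuth provider from the issuer's published JWKS.
 * Step 1: fetch the discovery document and read jwks_uri (and issuer).
 * Step 2: fetch the JWKS and add every JWK to JWTAuthOptions.
 * Signature, expiry, issuer and audience are all checked by authenticate().
 */
fun jwtAuthFromDiscovery(vertx: Vertx, client: WebClient): Future<JWTAuth> =
  client.getAbs(DISCOVERY_URL).send()
    .compose { resp ->
      val discovery = resp.bodyAsJsonObject()
      val jwksUri = discovery.getString("jwks_uri")
      val issuer = discovery.getString("issuer")
      client.getAbs(jwksUri).send()
        .map { jwksResp -> Pair(issuer, jwksResp.bodyAsJsonObject()) }
    }
    .map { (issuer, jwks) ->
      val options = JWTAuthOptions()
        .setJWTOptions(
          JWTOptions()
            .setIssuer(issuer)      // token must come from this OneLogin instance
            .addAudience(CLIENT_ID) // and must have been issued for this application
            .setLeeway(30)          // tolerate a little clock skew on exp/nbf/iat
        )
      // Each entry of "keys" is a JWK like the one shown in the answer
      // (kty/kid/n/e). The library matches the token's "alg" header (and
      // "kid", when both sides carry one) against the loaded keys.
      jwks.getJsonArray("keys").forEach { options.addJwk(it as JsonObject) }
      JWTAuth.create(vertx, options)
    }

/** Verifies a bearer token; the resulting User carries the validated claims. */
fun verifyToken(auth: JWTAuth, token: String): Future<User> =
  auth.authenticate(TokenCredentials(token))

fun main() {
  val vertx = Vertx.vertx()
  val client = WebClient.create(vertx)
  val tokenFromFrontend = "<JWT forwarded by the frontend>" // placeholder

  jwtAuthFromDiscovery(vertx, client)
    .compose { auth -> verifyToken(auth, tokenFromFrontend) }
    .onSuccess { user ->
      println("valid token for subject ${user.principal().getString("sub")}")
    }
    .onFailure { err -> println("token rejected: ${err.message}") }
}
```

Two points worth keeping in mind when adapting this: a valid signature only proves that OneLogin signed the token, so the issuer and audience settings are what tie it to your own application rather than any other OneLogin client; and the JWKS is not static, so build the JWTAuth once at startup but be prepared to re-fetch the JWKS when a token arrives whose kid is not among the loaded keys, which is how the provider rotates signing keys.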