Comments (3)
So here's the problem I've found after debugging:
when I try decoding an id_token, it works no problem, and the key Id (kid) matches for the it token and the keys returned from https://dev-******.oktapreview.com/oauth2/v1/keys
However, when trying to decode the access token, the kids don't match. I'm not really sure why this is.
from okta-jwt-verifier-java.
Ignore everything I said! This issue can now be closed.
Basically what I found: I was using an Okta dev account, and setup a new application using OIDC, but was using the default authentication server. While the kid in an id_token would always match fine, it just never seemed to work using the access token's kid (and further note! using {site}.oktapreview.com as the root, vs {site}.oktapreview.com/oauth2/default would return different keys).
I finally created my own authentication server in Okta, and used that for everything instead, and now everything seems to work fine! Spent a full day trying to figure that out.
from okta-jwt-verifier-java.
@kiplaaang Thanks for following up!
This is related to #13, we will try to get a more descriptive error message when this happens
from okta-jwt-verifier-java.
Related Issues (20)
- Feature Request : Method for introspect token. HOT 2
- Allow specifying a java.time.Clock to better write unit tests. HOT 3
- Publish new library version HOT 2
- NoClassDefFoundError after upgrade HOT 5
- com.okta.jwt.JwtVerificationException: Failed to parse token HOT 14
- Issuer verification failed (Okta + Ktor + SwaggerUI) HOT 1
- Access Token Verifier Builder fails to initialize HOT 7
- Failed to parse token HOT 3
- HTTP request to issuer URL exposes system information
- Provide a function in AccessTokenVerifier that loads JWKS signing keys HOT 2
- java.lang.IllegalArgumentException: A signing key must be specified if the specified JWT is digitally signed. HOT 3
- NoClassDefFoundError after upgrade HOT 5
- Please consider publishing the com.okta.jwt.it testing classes with the okta-jwt-verifier-integration-tests jar.
- Expose SSLFactory and TrustStore as configuration parameters for the HTTP client
- Unable to Create IdTokenVerifier or AccessTokenVerifier after Upgrading To 0.5.8 HOT 3
- Security vulnerability via transitive dependency`bcprov-jdk18on:1.75` HOT 2
- java.lang.NoSuchMethodError: 'io.jsonwebtoken.JwtParserBuilder io.jsonwebtoken.Jwts.parserBuilder()' HOT 6
- Convert integration tests to java HOT 3
- Feature Request: Stronger typing in Jwt Claims HOT 5
- Async API HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from okta-jwt-verifier-java.