Comments (4)
That makes sense! Yes, with the claims in the id_token I suppose I don't need to make a call to /userinfo. And part of me thought I'd run into this same error with the id_token but I just verified that validating the id_token works fine. Thank you!
from okta-jwt-verifier-java.
@swaincreates Thanks for the question. Does this integration require validating the access token? My basic understanding of the issue is that the access token from the Org authorization server is meant for securing access to the Okta API and is not necessarily appropriate for securing access to customer resources. I'm guessing applications which are using the Org server as issuer are primarily interested in the id_token, which has the full list of claims.
from okta-jwt-verifier-java.
@aarongranick-okta is correct, access tokens from an Org authorization server cannot be validated as a JWT, but must be treated as an opaque access token. id_tokens CAN be validated as a JWT (but those tokens are not used the same way).
More background info:
Access tokens are opaque per the OAuth 2 spec. It just happens that many IdPs implement them with JWTs (so common in fact that Spring Security supported JWT based access tokens before they supported "opaque" tokens.)
Okta only supports JWT access tokens for "Custom Authorization Servers", which would be typically used if you were creating an API/REST server.
If you can tell us a little more about your use case we can probably point you in the right direction.
from okta-jwt-verifier-java.
Closing this due to inactivity, feel free to open if followup is needed.
from okta-jwt-verifier-java.
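The rule discussed in this thread (validate id_tokens and Custom Authorization Server access tokens as JWTs, treat Org authorization server access tokens as opaque), written as an added Java example that is not code from the thread or from okta-jwt-verifier-java. It assumes Okta's documented URL layout (Org issuer `https://{org}`, custom issuer `https://{org}/oauth2/{serverId}`, introspection at `/oauth2/v1/introspect` or `{issuer}/v1/introspect`); the class and method names are hypothetical and the host, token and client credentials are constructed samples.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.HttpRequest;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

// Added illustration; names are hypothetical, not okta-jwt-verifier-java API.
public class OktaTokenRouting {
    enum Strategy { VERIFY_JWT_LOCALLY, INTROSPECT_AS_OPAQUE }

    // Assumption (Okta's documented URL layout, not stated in the thread):
    // Org issuer is https://{org}; custom issuer is https://{org}/oauth2/{serverId}.
    static boolean isOrgIssuer(String issuer) {
        String path = URI.create(issuer).getPath();
        return path == null || path.isEmpty() || path.equals("/");
    }

    // id_tokens are JWTs from either server type; only custom servers issue JWT access tokens.
    static Strategy strategyFor(String issuer, boolean isIdToken) {
        return (isIdToken || !isOrgIssuer(issuer))
                ? Strategy.VERIFY_JWT_LOCALLY : Strategy.INTROSPECT_AS_OPAQUE;
    }

    // Builds (does not send) an RFC 7662 introspection request; the caller must
    // accept the token only if the JSON response contains "active": true.
    static HttpRequest introspectionRequest(String issuer, String token,
                                            String clientId, String clientSecret) {
        String base = issuer.replaceAll("/+$", "");
        String endpoint = base + (isOrgIssuer(issuer) ? "/oauth2/v1/introspect" : "/v1/introspect");
        String basic = Base64.getEncoder().encodeToString(
                (clientId + ":" + clientSecret).getBytes(StandardCharsets.UTF_8));
        String form = "token=" + URLEncoder.encode(token, StandardCharsets.UTF_8)
                + "&token_type_hint=access_token";
        return HttpRequest.newBuilder(URI.create(endpoint))
                .header("Authorization", "Basic " + basic)
                .header("Content-Type", "application/x-www-form-urlencoded")
                .POST(HttpRequest.BodyPublishers.ofString(form))
                .build();
    }

    public static void main(String[] args) {
        String org = "https://example.okta.com";                   // constructed sample issuer
        String custom = "https://example.okta.com/oauth2/default"; // constructed sample issuer
        System.out.println("org access token:    " + strategyFor(org, false));
        System.out.println("org id_token:        " + strategyFor(org, true));
        System.out.println("custom access token: " + strategyFor(custom, false));
        System.out.println(introspectionRequest(org, "sample-token", "client-id", "secret").uri());
    }
}
```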