Comments (4)

swaincreates commented on July 22, 2024

That makes sense! Yes, with the claims in the id_token I suppose I don't need to make a call to /userinfo. And part of me thought I'd run into this same error with the id_token but I just verified that validating the id_token works fine. Thank you!

from okta-jwt-verifier-java.

aarongranick-okta commented on July 22, 2024

@swaincreates Thanks for the question. Does this integration require validating the access token? My basic understanding of the issue is that the access token from the Org authorization server is meant for securing access to the Okta API and is not necessarily appropriate for securing access to customer resources. I'm guessing applications which are using the Org server as issuer are primarily interested in the id_token, which has the full list of claims.

bdemers commented on July 22, 2024

@aarongranick-okta is correct, access tokens from an Org authorization server cannot be validated as a JWT, but must be treated as an opaque access token.

id_tokens CAN be validated as a JWT (but those tokens are not used the same way).

More background info:
Access tokens are opaque per the OAuth 2 spec. It just happens that many IdPs implement them with JWTs (so common in fact that Spring Security supported JWT-based access tokens before they supported "opaque" tokens.)

Okta only supports JWT access tokens for "Custom Authorization Servers", which would be typically used if you were creating an API/REST server.

If you can tell us a little more about your use case we can probably point you in the right direction.

arvindkrishnakumar-okta commented on July 22, 2024

Closing this due to inactivity, feel free to open if followup is needed.
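
An added example, not code from the thread or from the okta-jwt-verifier-java project, of the handling the comments above describe: an Org authorization server access token is left opaque, a Custom Authorization Server access token may be verified as a JWT, and the id_token is verified as a JWT in both cases. It assumes Okta's issuer layout (a Custom Authorization Server issuer ends in `/oauth2/{id}`, the Org server issuer is the bare domain); the class name, the helper names and `example.okta.com` are hypothetical, and `verifyIdToken` needs the library on the classpath and a real token to be called.

```java
import com.okta.jwt.IdTokenVerifier;
import com.okta.jwt.Jwt;
import com.okta.jwt.JwtVerificationException;
import com.okta.jwt.JwtVerifiers;
import java.net.URI;

public class OrgServerTokens {

    /** True when the issuer path is /oauth2/{id}: a Custom Authorization Server (assumed URL layout). */
    static boolean isCustomAuthServer(String issuer) {
        URI uri = URI.create(issuer);
        if (!"https".equalsIgnoreCase(uri.getScheme()) || uri.getHost() == null) {
            throw new IllegalArgumentException("issuer must be an https URL: " + issuer);
        }
        String path = uri.getPath() == null ? "" : uri.getPath();
        return path.matches("/oauth2/[^/]+/?");
    }

    /** Access tokens are parsed as JWTs only for a Custom Authorization Server; Org server tokens stay opaque. */
    static boolean mayVerifyAccessTokenAsJwt(String issuer) {
        return isCustomAuthServer(issuer);
    }

    /** The id_token is a JWT for either kind of issuer, so it is verified locally. */
    static Jwt verifyIdToken(String issuer, String clientId, String idToken, String nonce)
            throws JwtVerificationException {
        IdTokenVerifier verifier = JwtVerifiers.idTokenVerifierBuilder()
                .setIssuer(issuer)
                .setClientId(clientId)
                .build();
        // Verifies the token against the configured issuer and client id, and the expected nonce.
        return verifier.decode(idToken, nonce);
    }

    public static void main(String[] args) {
        // Constructed issuers; example.okta.com is a placeholder domain.
        String org = "https://example.okta.com";
        String custom = "https://example.okta.com/oauth2/default";
        System.out.println(org + " -> access token as JWT? " + mayVerifyAccessTokenAsJwt(org));
        System.out.println(custom + " -> access token as JWT? " + mayVerifyAccessTokenAsJwt(custom));
    }
}
```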
