Access token validation failed

frooton · November 16, 2017, 10:51am

Hello all

I am facing a problem when validating the access token it seems that the public key that I receive from the endpoint /keys is not valid knowing that it is the right key because the kid on the jwt header is good.

Ps: i’m not using okta jwt verfier

Thanks for your help

vijet · November 16, 2017, 4:18pm

Hi,
Can you provide some more information?

Which tool/library are you using to validate the access token?
What is the issuer URL that you have set? It should be of the form https://{yourOktaDomain}.com/oauth2/default
Which /keys endpoint are you invoking? It should be of the form https://{yourOktaDomain}.com/oauth2/default/v1/keys

Also any information on your use-case and details about the application/technology you are using would be helpful in finding out the issue.

Thanks,
Vijet

om007 · November 29, 2017, 7:13am

i am also facing the same issue , actually i am using Okta JWT Verifier for Java library for validating access token , but when i pass access token , i got Failed to validate JWT string Error
i am really confuse with this , please me

frooton · November 29, 2017, 10:05am

which authorization server are you using??
if its the default one you can’t validate the access token, you have to create new one
Capture

om007 · January 3, 2018, 2:00pm

i have tried this also , created custom authorization , generate new access token but stilling getting same error

frooton · January 3, 2018, 3:10pm

can you share your code so that I can help you

nate.barbettini · January 3, 2018, 6:12pm

These types of validation errors are almost always because the wrong authorization server is being used. Make sure the authority/issuer setting in your JWT validation code is using a custom authorization server such as default.

mcobb · December 4, 2018, 6:29pm

Same problem here. The authorization server looks like a match to mine - the “default” in my authorization server list https://dev-nnnnnn.oktapreview.com/oauth2/default The kid also matches when I check the jwks_uri. I’m using the OktaDemo.XF app. That app says authorization was successful. I grab the access token from there and sending it to the java app, which uses the OKTA java verifier. What are the other cases where this fails besides wrong authorization server?

thefedex87 · April 9, 2020, 8:42am

Hi, I have a similiar problem. I’m trying to understand the flow of authentication. I’m using PHP as backend and it works, it validate the token. But I’m trying to validate the signature of my token manually (using jwt.io). So I found the key from the api /keys but when I try to validate the token I get “wrong signature”. The public keu is correct since the kid is the same. Do you know the reason?

EDIT: I understood that “n” is not the key, but the modulus and that key is generated from “n” and “e”. So I used an online resource which take in input modulus and exponent, it generates a key but still I get Invalid signature from jwt.io

dragos · April 13, 2020, 1:40am

Hi @thefedex87

As mentioned here, you can use a script like the one available here to calculate the public key from the modulus and exponent.