I have an application registered in Okta that uses the PKCE flow. I used the guide available at https://developer.okta.com/docs/guides/implement-oauth-for-okta/request-access-token/ to get an access token and retrieved my JWK from https://{myoktadomain}/oauth2/v1/keys
Then, I tried to
    import jwt
    from jwt.algorithms import RSAAlgorithm

    # Key pulled from https://{myoktadomain}.oktapreview.com/oauth2/v1/keys
    key_json = '{"kty":"RSA","alg":"RS256","kid":"kid-value-here","use":"sig","e":"AQAB","n":"long-key-here"}'
    aud = "api://default"
    token_to_validate = "access-token-value-here"

    # Build an RSA public key object from the JWK JSON string
    public_key = RSAAlgorithm.from_jwk(key_json)
    # Verify the signature and the audience claim (algorithms is a list of allowed values)
    decoded = jwt.decode(token_to_validate, public_key, audience=aud, algorithms=["RS256"])
But I am getting the following error:
    Traceback (most recent call last):
      File "<stdin>", line 1, in <module>
      File "/Users/myuser/dev/projects/src/adminsvc/.tox/py37/lib/python3.7/site-packages/jwt/api_jwt.py", line 92, in decode
        jwt, key=key, algorithms=algorithms, options=options, **kwargs
      File "/Users/myuser/dev/projects/src/adminsvc/.tox/py37/lib/python3.7/site-packages/jwt/api_jws.py", line 156, in decode
        key, algorithms)
      File "/Users/myuser/dev/projects/src/adminsvc/.tox/py37/lib/python3.7/site-packages/jwt/api_jws.py", line 223, in _verify_signature
        raise InvalidSignatureError('Signature verification failed')
    jwt.exceptions.InvalidSignatureError: Signature verification failed
I am not sure why I’m getting the InvalidSignatureError.
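
A troubleshooting check for the error above, as an added example that is not part of the original post: it reads the token's unverified header and claims and reports whether its `kid` exists in the key set being used and whether `aud` matches. The function name `diagnose`, the sample kids and the `example.invalid` issuer are constructed placeholders, and the sample tokens are unsigned.

```python
import base64
import json


def _b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))


def diagnose(token, jwks, expected_aud):
    """List mismatches between a token's unverified fields and the key set.

    The header and claims are read without verification, for troubleshooting
    only; never authorize a request on values read this way.
    """
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a three-part JWS; it cannot be verified locally"]
    header, claims = _b64url_json(parts[0]), _b64url_json(parts[1])
    problems = []
    key = next((k for k in jwks.get("keys", []) if k.get("kid") == header.get("kid")), None)
    if key is None:
        problems.append("kid %r is not in the key set; fetch the keys published "
                        "by issuer %r" % (header.get("kid"), claims.get("iss")))
    elif key.get("alg", header.get("alg")) != header.get("alg"):
        problems.append("alg %r does not match key alg %r" % (header.get("alg"), key["alg"]))
    aud = claims.get("aud")
    if expected_aud not in (aud if isinstance(aud, list) else [aud]):
        problems.append("aud %r does not include %r" % (aud, expected_aud))
    return problems


def _enc(obj):
    """Encode a dict as an unpadded base64url JSON segment."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


# Constructed sample data: placeholder kids, issuers and a dummy signature.
JWKS = {"keys": [{"kty": "RSA", "alg": "RS256", "kid": "org-key-1", "use": "sig"}]}
MISMATCHED = ".".join((_enc({"alg": "RS256", "kid": "other-key-9"}),
                       _enc({"iss": "https://example.invalid/oauth2/default",
                             "aud": "api://default"}), "c2ln"))
MATCHED = ".".join((_enc({"alg": "RS256", "kid": "org-key-1"}),
                    _enc({"iss": "https://example.invalid", "aud": "api://default"}), "c2ln"))

if __name__ == "__main__":
    for name, tok in (("mismatched", MISMATCHED), ("matched", MATCHED)):
        print(name, diagnose(tok, JWKS, "api://default") or "no mismatch found")
```

An empty result only means the right key and audience were selected; the signature itself is still checked by `jwt.decode`.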