I’m trying to verify OKTA Access token in my nodejs application. I dropped in the access token so, you can check the issuer and I’ve compared the the issuer in token with the verifier constructor. They both seem to be same. Appreciate any help
My code:
const oktaJwtVerifier = new OktaJwtVerifier({
issuer: `https://signin-test.syngenta.com/oauth2/ausqmgapztkTfvQg70h7`,
clientId: process.env.OKTA_CLIENT_ID, //tried without passing the client id also
assertClaims: {
aud: "api://syngenta-test",
},
});
a validation failed, inspect the error
[JwtParseError: Error while resolving signing key for kid “OrR_mnz02b3f3S4xARPV0kWN9rT3wLshRBXUFdIBP6o”] {
userMessage: ‘Error while resolving signing key for kid “OrR_mnz02b3f3S4xARPV0kWN9rT3wLshRBXUFdIBP6o”’,
jwtString: ‘eyJraWQiOiJPclJfbW56MDJiM2YzUzR4QVJQVjBrV045clQzd0xzaFJCWFVGZElCUDZvIiwiYWxnIjoiUlMyNTYifQ.eyJ2ZXIiOjEsImp0aSI6IkFULng4R093dFVpOExBVEtlWWtsd2ZBU2QtZDl6aERycGZ2cWlZRHN1Y1FVZTQiLCJpc3MiOiJodHRwczovL3NpZ25pbi10ZXN0LnN5bmdlbnRhLmNvbS9vYXV0aDIvYXVzcW1nYXB6dGtUZnZRZzcwaDciLCJhdWQiOiJhcGk6Ly9zeW5nZW50YS10ZXN0IiwiaWF0IjoxNTk0NTc4MjE4LCJleHAiOjE1OTQ1ODE4MTgsImNpZCI6IjBvYXNqMTNhNDhEMDJYeGJUMGg3IiwidWlkIjoiMDB1c2o0bHByaXRucjBCcHEwaDciLCJzY3AiOlsiZW1haWwiLCJvcGVuaWQiLCJwcm9maWxlIl0sInN1YiI6ImdhZGV2QHN5bmdlbnRhLmNvbSJ9.fYU2RFj3CTSX-MVblXkFvCco72AOvyfDBc6njoTnA7kmMsuspO3mFf3n1vNobOi22VCQwjXULdk4Dnsf-VJXunmXT2ps0TjCd6wEAtvFVWxoS-jHpk2SYbU2WxeqGvIviG-fkqavPzsxiqSu_kcgv3OPXHB1T-jprCXM4GQWPLwFUWZbuvZSwTIk_TEUMjtUf5C-GEGExw7pbPVspkAJlrCVD0oQb5-AvUiqPeKsPx8FlXB7piUDAiI7E_lBsfLYe8PxM3PJXnd8SDewpZazma2MjYTcGSH92XjDAArDajpJQdofDHwclOWcMz9A6-pguS2ELB2yOpJpOQkMI9JanQ’,
parsedHeader: JwtHeader {
typ: ‘JWT’,
alg: ‘RS256’,
kid: ‘OrR_mnz02b3f3S4xARPV0kWN9rT3wLshRBXUFdIBP6o’
},
parsedBody: JwtBody {
ver: 1,
jti: ‘AT.x8GOwtUi8LATKeYklwfASd-d9zhDrpfvqiYDsucQUe4’,
iss: ‘https://signin-test.syngenta.com/oauth2/ausqmgapztkTfvQg70h7’,
aud: ‘api://syngenta-test’,
iat: 1594578218,
exp: 1594581818,
cid: ‘0oasj13a48D02XxbT0h7’,
uid: ‘00usj4lpritnr0Bpq0h7’,
scp: [ ‘email’, ‘openid’, ‘profile’ ],
sub: ‘gadev@syngenta.com’
},
innerError: Error: unable to verify the first certificate
at TLSSocket.onConnectSecure (_tls_wrap.js:1501:34)
at TLSSocket.emit (events.js:315:20)
at TLSSocket._finishInit (_tls_wrap.js:936:8)
at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:710:12) {
code: ‘UNABLE_TO_VERIFY_LEAF_SIGNATURE’
}
}
(node:74211) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). To terminate the node process on unhandled promise rejection, use the CLI flag --unhandled-rejections=strict (see Command-line API | Node.js v18.0.0 Documentation). (rejection id: 1)
