Okta-jwt-verifier-java does not use discovery endpoint to determine keys url

jfitzu · January 11, 2024, 6:36pm

I am running into issues using the jwt-verifier-java libraries to verify an id token from azure. Everything works beautifully when using okta. From my understanding, the libraries should work for any idp conforming to OIDC standards, but please correct me if it is intended to be okta only.

From the readme “This helper class configures a JWT parser with the details found through the OpenID Connect discovery endpoint.”

I see however from the code that the issuer url is used to create the keys endpoint and the discovery endpoint is not called.

protected String resolveKeysEndpoint(String issuer) {
        return  issuer.matches(".*/oauth2/.*")
                    ? issuer + "/v1/keys"
                    : issuer + "/oauth2/v1/keys";
    }

My issue is that for my customer using azure instead of okta, this is the incorrect keys endpoint. Why is the discovery endpoint not utilized? Thanks in advance!

andrea · January 11, 2024, 6:41pm

Our libraries are written and tested with Okta’s endpoints in mind and are not designed to be generic libraries compatible with other Identity Providers.

You can however find some other JWT verifier libraries (there are 7 listed for Java) here: JSON Web Token Libraries - jwt.io

system · January 16, 2024, 5:25pm

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.

Post		Replies	Views
OIDC Token Signature Validation Fails OAuth/OIDC	9	7728	October 11, 2017
Kid in OIDC JWT doesn't match any in jwks_uri OAuth/OIDC	6	68	November 1, 2024
JWT Verification in Java Questions	5	5103	January 9, 2020
Authenticating using API Token vs JWT Token OAuth/OIDC	1	4554	February 12, 2024
Issuer Mismatch in JWTVerifier Questions	8	5377	April 7, 2021

Okta-jwt-verifier-java does not use discovery endpoint to determine keys url

Related topics