Okta-jwt-verifier-java does not use discovery endpoint to determine keys url

jfitzu · January 11, 2024, 6:36pm

I am running into issues using the jwt-verifier-java libraries to verify an id token from azure. Everything works beautifully when using okta. From my understanding, the libraries should work for any idp conforming to OIDC standards, but please correct me if it is intended to be okta only.

From the readme “This helper class configures a JWT parser with the details found through the OpenID Connect discovery endpoint.”

I see however from the code that the issuer url is used to create the keys endpoint and the discovery endpoint is not called.

protected String resolveKeysEndpoint(String issuer) {
        return  issuer.matches(".*/oauth2/.*")
                    ? issuer + "/v1/keys"
                    : issuer + "/oauth2/v1/keys";
    }

My issue is that for my customer using azure instead of okta, this is the incorrect keys endpoint. Why is the discovery endpoint not utilized? Thanks in advance!

andrea · January 11, 2024, 6:41pm

Our libraries are written and tested with Okta’s endpoints in mind and are not designed to be generic libraries compatible with other Identity Providers.

You can however find some other JWT verifier libraries (there are 7 listed for Java) here: JSON Web Token Libraries - jwt.io

system · January 16, 2024, 5:25pm

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.