Is it possible to validate the access token received in a request locally in java ? My use case is without making a call to Okta api, is it possible to validate access token locally within java code ? Does okta allow that ? If so how ?
Hi @jivanpatil
If the access token was issued by a custom authorization server (eg. issuer is something like “https://org.okta.com/oauth2/default”), then you can retrieve the signing keys from /keys endpoint (eg. “https://org.okta.com/oauth2/default/v1/keys”) and use a JWT verifier such as this one in order to verify the token locally.
1 Like
what if it is issued by org authorizatipon server?
How can we validate it?
Please answer.
Hi @Shubham6541
You can use the same call basically as for the custom authorization servers:
curl --location --request POST 'https://dragos.okta.com/oauth2/v1/introspect' \
--header 'Accept: application/json' \
--header 'Authorization: Basic MG9hN...' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'token=TOKEN_HERE'
1 Like
This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.