Validate Okta token in java

Is it possible to validate the access token received in a request locally in java ? My use case is without making a call to Okta api, is it possible to validate access token locally within java code ? Does okta allow that ? If so how ?

Hi @jivanpatil

If the access token was issued by a custom authorization server (eg. issuer is something like “https://org.okta.com/oauth2/default”), then you can retrieve the signing keys from /keys endpoint (eg. “https://org.okta.com/oauth2/default/v1/keys”) and use a JWT verifier such as this one in order to verify the token locally.

1 Like

what if it is issued by org authorizatipon server?
How can we validate it?
Please answer.

Hi @Shubham6541

You can use the same call basically as for the custom authorization servers:

curl --location --request POST 'https://dragos.okta.com/oauth2/v1/introspect' \
--header 'Accept: application/json' \
--header 'Authorization: Basic MG9hN...' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'token=TOKEN_HERE'