Validating id_token in Postman

Hi,

I need to validate the JWT token (id_token). I have gone through the documentation on validating tokens, but I don’t want to use anything like .NET, Java or Spring to do the job. Is there any way to validate the token using an endpoint in Postman?

Thanks,
Shanthi

Have you checked /introspect? https://developer.okta.com/docs/reference/api/oidc/#introspect


Hi @phi1ipp ,

Thanks for the hint. I have tried it with the fresh token, but in the response I get active=false. No clue why. I have decoded and verified the token, and it says invalid signature. Why am I getting the invalid signature issue? Am I missing anything?

Thanks,
Shanthi

Not quite sure, I just validated /introspect, it works fine for me and reports my id_token as active.

As for your local verification, I can’t tell anything specific about your situation, as no information was provided by you.

Hi @phi1ipp,

I’m new to Okta. Can you please let me know what details you might require? I can provide them.

Thanks,
Shanthi

Hi @phi1ipp

I figured it out. While copying the token I was making some mistake; that’s why it was giving invalid signature. After some time, when I decoded again, I could see the valid signature. All I want is to assert the JWT token. As we are using a mobile application, the app we created in Okta doesn’t have a client secret. The ‘introspect’ URL expects a client secret also. So, is there any other way to assert without a client secret? Please suggest.

Thanks & Regards,
Shanthi


You can do local validation of the signature from the JWT, as an alternative. It doesn’t tell you whether the token has been revoked/invalidated on the Okta side, but at least you will know that it’s a legit Okta token.

You’d need some library for JWT verification for that.

