auth0 / JWTDecode.Android

A library to help you decode JWTs for Android
https://jwt.io
MIT License

How to verify a token on Android #23

Closed mtsahakis closed 6 years ago

mtsahakis commented 6 years ago

Hi,

In https://github.com/auth0/java-jwt there is a specific section on how to verify a token.

I was wondering if that is possible on the Android side, i.e. if I have the public key and the algorithm, how could we verify that the received token was issued by a valid issuer?

In short, is there any way to verify the issuer of a signed token?

Many thanks in advance,

Manos

lbalmaceda commented 6 years ago

@mtsahakis no. This library only performs a decode operation without verifying the token's signature. We plan to include this in the near future, supporting only RS256 algorithms.

ManjunathaKC commented 4 years ago

Any updates on this implementation? Token verification for the RSA256 algorithm.

lbalmaceda commented 4 years ago

👋 @ManjunathaKC the focus of this project is still decoding JWTs. If you happen to be using our Android SDK with an Auth0 client, we have you covered as the SDK is performing OIDC compliant ID token validation before the token gets to you.
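
The check asked about in this thread (a known public key and algorithm, then the issuer), as an added example that is not part of the thread or of JWTDecode.Android: it pins RS256, verifies the signature with the platform `java.security.Signature` API, and only then trusts the `iss` and `exp` claims. Assumptions: the class name `Rs256Verifier` is hypothetical, `java.util.Base64` needs Android API 26 or later, `org.json` is the copy bundled with Android, and the caller already holds the issuer's RSA `PublicKey` and expected issuer string.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.security.Signature;
import java.util.Base64;
import org.json.JSONException;
import org.json.JSONObject;

/** Hypothetical helper (not part of JWTDecode.Android): RS256 signature and issuer check. */
public final class Rs256Verifier {
    private Rs256Verifier() {}

    /** Returns the verified payload, or throws SecurityException if any check fails. */
    public static JSONObject verify(String token, PublicKey key, String expectedIssuer) {
        String[] parts = token.split("\\.", -1);
        if (parts.length != 3) throw new SecurityException("not a compact JWS");
        try {
            Base64.Decoder b64 = Base64.getUrlDecoder(); // accepts unpadded base64url
            JSONObject header = new JSONObject(new String(b64.decode(parts[0]), StandardCharsets.UTF_8));
            // Pin the algorithm: the token must not be allowed to choose it ("none", HS256, ...).
            if (!"RS256".equals(header.optString("alg"))) throw new SecurityException("unexpected alg");

            // The signature covers the ASCII bytes of "<header>.<payload>" exactly as received.
            Signature sig = Signature.getInstance("SHA256withRSA");
            sig.initVerify(key);
            sig.update((parts[0] + "." + parts[1]).getBytes(StandardCharsets.US_ASCII));
            if (!sig.verify(b64.decode(parts[2]))) throw new SecurityException("bad signature");

            // Claims are trusted only after the signature has been checked.
            JSONObject payload = new JSONObject(new String(b64.decode(parts[1]), StandardCharsets.UTF_8));
            if (!expectedIssuer.equals(payload.optString("iss"))) throw new SecurityException("unexpected issuer");
            long now = System.currentTimeMillis() / 1000L;
            if (payload.optLong("exp", 0L) <= now) throw new SecurityException("token expired");
            return payload;
        } catch (GeneralSecurityException | JSONException | IllegalArgumentException e) {
            // Malformed base64, malformed JSON, or a key/signature error: reject, never fall back.
            throw new SecurityException("token rejected", e);
        }
    }
}
```

The audience (`aud`) claim is not checked here; a client that accepts tokens meant for a specific application would add that comparison next to the issuer check.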