auth0 / jwks-rsa-java

MIT License

Why isn't there a constructor that takes a jwt token as a parameter? #189

Closed thdwoqor closed 11 months ago

thdwoqor commented 1 year ago


Describe the problem you'd like to have solved

static URL urlForDomain(String domain) {
    Util.checkArgument(!Util.isNullOrEmpty(domain), "A domain is required");

    if (!domain.startsWith("http")) {
        domain = "https://" + domain;
    }

    try {
        final URI uri = new URI(domain + WELL_KNOWN_JWKS_PATH).normalize();
        return uri.toURL();
    } catch (MalformedURLException | URISyntaxException e) {
        throw new IllegalArgumentException("Invalid jwks uri", e);
    }
}

// UrlJwkProvider.class

You can create an instance with the current URL object or a string as a parameter. But when I wrote a constructor with a string, unexpected issues arose, such as an additional WELL_KNOWN_JWKS_PATH being appended to the domain address. In fact, if we have a JWT token, we don't even need to know the JWKS URL.


To get the JWKS URL, you don't need to know the JWKS URL explicitly. Instead, you can access the {iss}/.well-known/openid-configuration address to retrieve the jwks_url. For instance, if you examine Google's OIDC, you'll notice that the JWK URL does not include the WELL_KNOWN_JWKS_PATH segment.

Describe the ideal solution

I want to create a constructor that takes a token as a parameter and doesn't need to know the JWK URL automatically.


jimmyjames commented 12 months ago

👋 hi @thdwoqor, if you already have a token, you should check out a JWT library such as java-jwt. This library is to be used to retrieve the signing keys from a JWKS endpoint. With regards to the JWKS URL, you can use the JwkProviderBuilder(String domain) constructor to specify the base path and the well-known endpoint will be added for you, or use the JwkProviderBuilder(URL url) constructor to specify the entire URL yourself.

Hope that helps!

jimmyjames commented 11 months ago

Per the comment above and in #190, closing this issue as it is possible to specify a full URL to the JWKS endpoint.

thdwoqor commented 11 months ago

Hi @jimmyjames, sorry for the delay. The problem with the current JWTVerifier is that you have to know the string domain or URL yourself. However, if you only know the JWT, you can verify without knowing the String domain or URL as shown in the post. Is it better to create a new issue in java-jwt?
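
The flow discussed in this thread, as an added example that is not code from jwks-rsa-java, java-jwt or any participant: the `iss` claim of an unverified token is checked against an allowlist before it is used for discovery, the `jwks_uri` field of the discovery document is validated, and the key is then fetched through the `JwkProviderBuilder(URL url)` constructor mentioned above. The class name, the allowlist contents and the presence of java-jwt, jwks-rsa and jackson-databind on the classpath (Java 11+) are assumptions.

```java
import com.auth0.jwk.Jwk;
import com.auth0.jwk.JwkProviderBuilder;
import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.DecodedJWT;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.net.URI;
import java.net.URL;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.security.interfaces.RSAPublicKey;
import java.util.Set;

public final class IssuerDiscoveryVerifier { // hypothetical class, not part of either library
    // Issuers this service accepts; constructed sample value.
    private static final Set<String> TRUSTED_ISSUERS = Set.of("https://accounts.google.com");
    private static final HttpClient HTTP = HttpClient.newHttpClient();

    public static DecodedJWT verify(String token) throws Exception {
        // decode() checks no signature: "iss" and "kid" are attacker-controlled at this point.
        DecodedJWT unverified = JWT.decode(token);
        String iss = unverified.getIssuer();
        if (iss == null || !TRUSTED_ISSUERS.contains(iss)) {
            // Without this check the token itself chooses the server that supplies the keys.
            throw new SecurityException("untrusted issuer");
        }
        HttpResponse<String> res = HTTP.send(
                HttpRequest.newBuilder(URI.create(iss + "/.well-known/openid-configuration")).build(),
                HttpResponse.BodyHandlers.ofString());
        if (res.statusCode() != 200) throw new IllegalStateException("discovery failed");
        URL jwksUrl = jwksUrlFromDiscovery(iss, res.body());
        Jwk jwk = new JwkProviderBuilder(jwksUrl).build().get(unverified.getKeyId());
        // Pin the algorithm here instead of trusting the token's "alg" header.
        Algorithm alg = Algorithm.RSA256((RSAPublicKey) jwk.getPublicKey(), null);
        return JWT.require(alg).withIssuer(iss).build().verify(token);
    }

    // Pure function: validates the discovery document and returns the full JWKS URL.
    static URL jwksUrlFromDiscovery(String expectedIssuer, String discoveryJson) throws Exception {
        JsonNode doc = new ObjectMapper().readTree(discoveryJson);
        // OIDC Discovery requires the document's "issuer" to match the URL it was fetched for.
        if (!expectedIssuer.equals(doc.path("issuer").asText())) {
            throw new SecurityException("issuer mismatch in discovery document");
        }
        String jwksUri = doc.path("jwks_uri").asText();
        if (!jwksUri.startsWith("https://")) throw new SecurityException("jwks_uri must be https");
        return URI.create(jwksUri).toURL();
    }
}
```

A real service would build one provider per trusted issuer and reuse it, so that the caching `JwkProviderBuilder` sets up is not discarded on every call.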