Closed thdwoqor closed 11 months ago
👋 hi @thdwoqor, if you already have a token, you should check out a JWT library such as java-jwt. This library is to be used to retrieve the signing keys from a JWKS endpoint. With regards to the JWKS URL, you can use the JwkProviderBuilder(String domain)
constructor to specify the base path and the well-known endpoint will be added for you, or use the JwkProviderBuilder(URL url)
constructor to specify the entire URL yourself.
Hope that helps!
Per the comment above and in #190, closing this issue as it is possible to specify a full URL to the JWKS endpoint.
hi @jimmyjames Sorry for the delay. The problem with the current JWTVerifier is that you have to know the string domain or URL yourself. However, if you only know the JWT, you can verify without knowing the String domain or URL as shown in the post. Is it better to create a new issue in java-jwt
Checklist
Describe the problem you'd like to have solved
You can create an instance with the current URL object or a string as a parameter. But when I wrote a constructor with a string unexpected issues arise, such as an additional WELL_KNOWN_JWKS_PATH appended to the domain address. In fact, if we have a JWT token, we don't even need to know the JWKS URL.
To get the JWKS URL, you don't need to know the JWKS URL explicitly. Instead, you can access the {iss}/.well-known/openid-configuration address to retrieve the jwks_url. For instance, if you examine Google's OIDC, you'll notice that the JWK URL does not include the WELL_KNOWN_JWKS_PATH segment.
Describe the ideal solution
I want to create a constructor that takes a token as a parameter and doesn't need to know the JWK URL automatically.
Alternatives and current workarounds
No response
Additional context
No response