Hello nice folks, and thank you very much for your work.
I am dealing with a third party (so I can't change their implementation) that sends us a JWT, which we need to verify the signature of. This third party is serving their public key using a URL, and they include this URL inside the headers of the token,
example headers:
I could of course store their URL or the public key itself in my application, but I am a bit skeptical they might change it in the future, so ideally I would like to fetch the key every time (despite the extra latency). So I would like to 1) parse the JWT token 2) access the headers to get the URL 3) fetch the key 4) verify the signature of the JWT token.
So what is the problem? If I try to create a JWT token using the raw token string, the headers of the token are not set and it throws an exception.
Only if I provide the key along with the raw token are the JWT headers available.
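
Steps 1 to 3 of the flow described above, as an added example that is not part of the original post and does not use the library under discussion: it reads the header of a compact JWT without verifying it, and accepts the key URL only if it matches a pinned allowlist, because the header is untrusted until the signature has been checked. The header name `jku`, the allowlist, the sample URL and the helper names are assumptions; the post does not show the actual headers.

```python
import base64
import json
from urllib.parse import urlsplit

# Assumption: the third party's key URLs are known in advance and pinned here.
ALLOWED_KEY_URLS = {"https://keys.partner.example/jwks.json"}  # constructed value


def b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the padding that JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def unverified_header(token: str) -> dict:
    """Return the header of a compact JWT without checking the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT: expected three dot-separated segments")
    try:
        header = json.loads(b64url_decode(parts[0]))
    except (ValueError, UnicodeDecodeError) as exc:
        raise ValueError("header is not base64url-encoded JSON") from exc
    if not isinstance(header, dict):
        raise ValueError("header is not a JSON object")
    return header


def trusted_key_url(token: str, header_name: str = "jku") -> str:
    """Read the key URL from the untrusted header; accept it only if pinned."""
    url = unverified_header(token).get(header_name)
    if not isinstance(url, str):
        raise ValueError(f"header has no string '{header_name}' field")
    if urlsplit(url).scheme != "https" or url not in ALLOWED_KEY_URLS:
        raise ValueError("key URL is not on the allowlist; refusing to fetch")
    return url


def make_token(header: dict) -> str:
    """Build a constructed sample token (placeholder signature) for the demo."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc(header)}.{enc({'sub': 'demo'})}.c2ln"


if __name__ == "__main__":
    good = make_token({"alg": "RS256", "jku": "https://keys.partner.example/jwks.json"})
    print(trusted_key_url(good))
```

The URL returned here is what steps 3 and 4 would use: fetch the key from it, then hand the raw token and that key to the JWT library for signature verification.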