When I try to verify a JWT using the SpomkyLabsJose library with the credentials provided by the client, it shows "Invalid URL. 200". I don't know why it's showing 200. Also, the token is created with OpenID Connect. The code is pasted below.

I have tried to decode it with the PHP JWT library but found that it cannot be done without the secret key. But in our case the client won't provide the secret key.

<?php
$jwt = $_REQUEST['id_token'];

$jwtVerifier = (new \Okta\JwtVerifier\JwtVerifierBuilder())
    ->setDiscovery(new \Okta\JwtVerifier\Discovery\Oauth) // This is not needed if using oauth.  The other option is OIDC
    ->setAdaptor(new \Okta\JwtVerifier\Adaptors\SpomkyLabsJose)
    ->setAudience('api://default')
    ->setClientId('{clientId}')
    ->setIssuer('https://{yourOktaDomain}.com/oauth2/default')
    ->build();

$jwt = $jwtVerifier->verify($jwt);

dump($jwt); //Returns instance of \Okta\JwtVerifier\JWT

dump($jwt->toJson()); // Returns Claims as JSON Object

dump($jwt->getClaims()); // Returns Claims as they come from the JWT Package used

dump($jwt->getIssuedAt()); // returns Carbon instance of issued at time
dump($jwt->getIssuedAt(false)); // returns timestamp of issued at time

dump($jwt->getExpirationTime()); //returns Carbon instance of Expiration Time
dump($jwt->getExpirationTime(false)); //returns timestamp of Expiration Time
m13op22
  • You need to replace {yourOktaDomain} with a value that matches your Okta tenant. For example “dev-133320.okta”. – Matt Raible Aug 06 '19 at 13:43
  • Thank you for your response. That is already in place. The Okta domain, client ID and setIssuer have been replaced with the original values. Because the client details are confidential, I didn't put them here. – user3906437 Aug 06 '19 at 13:48
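
An added diagnostic example, not part of the original question or of the Okta library: it decodes a token's header and claims without verifying the signature, to show which algorithm signed the token and whether `iss` and `aud` match the values given to the verifier. The function names, the `idp.example` issuer and the sample token are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

/** Decode one base64url-encoded JWT segment into an array, or throw. */
function decodeSegment(string $segment): array
{
    $pad = (4 - strlen($segment) % 4) % 4;
    $raw = base64_decode(strtr($segment, '-_', '+/') . str_repeat('=', $pad), true);
    if ($raw === false) {
        throw new InvalidArgumentException('Segment is not valid base64url');
    }
    $data = json_decode($raw, true);
    if (!is_array($data)) {
        throw new InvalidArgumentException('Segment is not a JSON object');
    }
    return $data;
}

/** Compare the UNVERIFIED header and claims with the verifier configuration. */
function diagnoseToken(string $jwt, string $issuer, string $clientId): array
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        throw new InvalidArgumentException('Expected a compact JWS with three segments');
    }
    $header = decodeSegment($parts[0]);
    $claims = decodeSegment($parts[1]);
    $alg = $header['alg'] ?? '';
    $aud = (array) ($claims['aud'] ?? []); // aud may be a string or a list
    return [
        'alg' => $alg,
        'kid' => $header['kid'] ?? null,
        // HS* needs a shared secret; RS*/ES*/PS* are checked with the issuer's public key.
        'needs_shared_secret' => strncmp($alg, 'HS', 2) === 0,
        'issuer_matches' => ($claims['iss'] ?? null) === $issuer,
        // OpenID Connect Core: an ID token's aud must contain the client_id.
        'aud_contains_client_id' => in_array($clientId, $aud, true),
        'expired' => isset($claims['exp']) && (int) $claims['exp'] < time(),
    ];
}

// Constructed sample token with placeholder values and a fake signature.
$enc = fn(array $a): string => rtrim(strtr(base64_encode(json_encode($a)), '+/', '-_'), '=');
$sample = $enc(['alg' => 'RS256', 'kid' => 'sample-key-id']) . '.'
    . $enc(['iss' => 'https://idp.example/oauth2/default', 'aud' => 'sample-client-id', 'exp' => 4102444800])
    . '.c2ln';
print_r(diagnoseToken($sample, 'https://idp.example/oauth2/default', 'sample-client-id'));
```

These values are for troubleshooting only; nothing read this way is trustworthy until the signature has been verified against the issuer's published keys.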
