0

I need to validate the id_token I receive after authenticating with Auth0 on my website.

I know that I need to use the key in x5c from the jwks_uri. But what I don't know is if this information is stored somewhere by the OIDC-client-js component after being authenticated.

If so, where can I find it to use it? Or do I have to manually make a request to https://myapplication/.well-known/jwks.json?

Thanks in advance for your help.

Piko

1 Answer

0

The oidc-client-js seems to be already validating an ID Token when it receives one, but if you want to do it manually anyway, you should have access to the metadataService on the UserManager object, and the metadataService has a getSigningKeys() method, which will either return keys from the cache or download them from the jwks endpoint. Just remember that there is much more to be done to verify the ID token, so it's really worth rethinking if you should do it on your own if you're already using a library which does that.

You can have a look at how much work is done to validate the ID token in the oidc-client-js: https://github.com/IdentityModel/oidc-client-js/blob/c150cd26dd29a09fedb4faaa95f00c16ddd90906/src/ResponseValidator.js#L354

Michal Trojanowski
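To make the "much more to be done" point in the answer above concrete, here is an added example (not part of the answer and not oidc-client-js code) of the checks an ID token needs besides the signature itself, following OIDC Core section 3.1.3.7. The names `selectSigningKey`, `checkIdTokenClaims` and `clockSkewSec` are hypothetical, the issuer, client id, nonce and token are constructed sample values, and verifying the signature with the selected key is assumed to happen separately.

```javascript
// Added example: the non-signature checks on an ID token (OIDC Core 3.1.3.7).
// Verifying the signature with the selected JWK is a separate step, not shown here.
const b64url = {
  decode(part) {
    const b64 = part.replace(/-/g, '+').replace(/_/g, '/');
    const bin = atob(b64 + '='.repeat((4 - (b64.length % 4)) % 4));
    return JSON.parse(new TextDecoder().decode(Uint8Array.from(bin, c => c.charCodeAt(0))));
  },
  encode: obj => btoa(JSON.stringify(obj)).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, ''),
};

// Pick the single JWK matching the header's kid (assumes `keys` is an array of JWKs,
// such as the one getSigningKeys() is described as returning).
function selectSigningKey(header, keys) {
  const matches = keys.filter(k => k.kid === header.kid && (!k.use || k.use === 'sig'));
  return matches.length === 1 ? matches[0] : null;
}

// Returns a list of problems; an empty list means the claims are acceptable.
function checkIdTokenClaims(token, expected, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.');
  if (parts.length !== 3) return ['not a three-part JWS'];
  let header, claims;
  try {
    header = b64url.decode(parts[0]); claims = b64url.decode(parts[1]);
    if (!header || !claims || typeof header !== 'object' || typeof claims !== 'object') throw new Error();
  } catch (e) { return ['header or payload is not a base64url JSON object']; }
  const skew = expected.clockSkewSec ?? 300; // hypothetical option: tolerated clock drift
  const aud = [].concat(claims.aud ?? []);   // aud may be a string or an array
  const errors = [];
  if (header.alg !== expected.alg) errors.push('unexpected alg: ' + header.alg);
  if (claims.iss !== expected.issuer) errors.push('issuer mismatch');
  if (!aud.includes(expected.clientId)) errors.push('audience does not include client');
  if (aud.length > 1 && claims.azp !== expected.clientId) errors.push('azp mismatch');
  if (typeof claims.exp !== 'number' || claims.exp + skew < nowSec) errors.push('expired or no exp');
  if (typeof claims.iat !== 'number' || claims.iat - skew > nowSec) errors.push('iat missing or in the future');
  if (typeof claims.nbf === 'number' && claims.nbf - skew > nowSec) errors.push('not yet valid');
  if (!claims.sub) errors.push('missing sub');
  if (claims.nonce !== expected.nonce) errors.push('nonce mismatch');
  return errors;
}

// Constructed sample (placeholder issuer, client id, nonce and signature; not real data).
const expected = { issuer: 'https://tenant.example/', clientId: 'my-client', nonce: 'n-123', alg: 'RS256' };
const sampleToken = [
  b64url.encode({ alg: 'RS256', kid: 'key-1' }),
  b64url.encode({ iss: expected.issuer, aud: 'my-client', sub: 'u1', nonce: 'n-123', iat: 1700000000, exp: 1700003600 }),
  'signature-placeholder',
].join('.');
console.log(checkIdTokenClaims(sampleToken, expected, 1700000100)); // []
```

A token that passes these checks is still untrusted until its signature has been verified with the key that `selectSigningKey` returns.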