NodeJS: Unable to verify JWT with Okta JWT Verifier

Question

I am trying to verify a JWT token sent from a frontend app using the @okta/jwt-verifier package.I keep getting the below error

JwtParseError: Error while resolving signing key for kid "kp2hms0pqlMsflp34dc"
innerError: Error: unable to get local issuer certificate

The credentials I am using are similar to the below

OKTA_AUDIENCE = 'api://default'
OKTA_CLIENT_ID = '0psnmdjeuti34spl8'
OKTA_ISSUER = 'https://dev-04567220.okta.com/oauth2/default'

const OktaJwtVerifier = require('@okta/jwt-verifier');
const oktaJwtVerifier = new OktaJwtVerifier({
  issuer: OKTA_ISSUER ,
  clientId: OKTA_CLIENT_ID 
});

oktaJwtVerifier.verifyAccessToken(token, OKTA_AUDIENCE )
.then(jwt => {
  // the token is valid (per definition of 'valid' above)
  console.log(jwt.claims);
})
.catch(err => {
  // a validation failed, inspect the error
});

What exactly am I doing wrong ?

@PhilippGrigoryev Yes this error occurs inside the catch block — Teknoville, Apr 20 '22 at 04:42
This probably mean, that your token is not correct. Based on the error description, the key used to sign the token, is not present at authZ server. So I think that nothing wrong is with your code, but with your token — Philipp Grigoryev, Apr 20 '22 at 12:36
I don't think you are doing something wrong. It's maybe the token doesn't pass validate. Did you try to inspect it manually to see that all the parameters inside it are fine? See the answer from @alisaduncan below to find out what is/should validated — Philipp Grigoryev, Apr 22 '22 at 00:03

score 0 · Answer 1 · answered Apr 21 '22 at 22:33

Here's the developer documentation on how to verify a token from Okta.

Some things to double-check

Your Audience, Client ID, and Issuer are correct and matches how the front-end gets the token
You are only verifying the token (so the Bearer text is removed)
The front-end is sending you the correct token, the Access token

NodeJS: Unable to verify JWT with Okta JWT Verifier

1 Answers1