
I have an Okta IdP with client authentication done using a client secret. Once I have a user signed in, I wish to validate their access token using the jjwt library. I have seen https://www.baeldung.com/java-jwt-token-decode on how to perform this using a public key/private key. How do I do this with the client secret?

Thanks!

1 Answer


In case anyone else comes across this - you need to use the /.well-known/oauth-authorization-server endpoint for your idp to get the jwks_uri. This will give you the information about the key. From there you need to build the 'keys' field in the jwks_uri.

Assuming the keyItem object here is the map you get from the list from the 'keys' key in the jwks_uri.

import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.spec.RSAPublicKeySpec;
import java.util.Base64;
import io.jsonwebtoken.Jwt;
import io.jsonwebtoken.JwtParser;
import io.jsonwebtoken.Jwts;

String family = (String) keyItem.get("kty"); // "RSA" for Okta signing keys; if the JWKS lists several keys, pick the one whose "kid" matches the token header's "kid"
Base64.Decoder b64 = Base64.getUrlDecoder(); // JWK "n" and "e" are Base64URL-encoded, unsigned big-endian integers
RSAPublicKeySpec rsaPublicKeySpec = new RSAPublicKeySpec(
        new BigInteger(1, b64.decode((String) keyItem.get("n"))),
        new BigInteger(1, b64.decode((String) keyItem.get("e"))));
KeyFactory keyFactory = KeyFactory.getInstance(family);
PublicKey publicKey = keyFactory.generatePublic(rsaPublicKeySpec); // throws InvalidKeySpecException (checked) if "n"/"e" are malformed
JwtParser parser = Jwts.parserBuilder().setSigningKey(publicKey).build();
Jwt<?, ?> result = parser.parse(accessToken); // verifies the signature and exp/nbf; throws JwtException on failure
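The answer verifies the token with the RSA public key published at jwks_uri rather than with the client secret. Below is an added example, not code from the answer, that completes that flow: it selects the JWK whose "kid" matches the token header (Okta rotates signing keys, so the JWKS normally lists more than one) and also pins the issuer and audience claims. It assumes the jjwt 0.11.x API (parserBuilder), that the "keys" list from jwks_uri has already been fetched and parsed into maps, and that issuer/audience are supplied by the caller; the class and method names are mine.

```java
import java.math.BigInteger;
import java.security.Key;
import java.security.KeyFactory;
import java.security.spec.RSAPublicKeySpec;
import java.util.Base64;
import java.util.List;
import java.util.Map;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jws;
import io.jsonwebtoken.JwsHeader;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SigningKeyResolverAdapter;

public class OktaAccessTokenVerifier {
    // keys: the "keys" list from the document served at jwks_uri (already fetched and parsed)
    public static Jws<Claims> verify(List<Map<String, Object>> keys, String issuer,
                                     String audience, String accessToken) {
        return Jwts.parserBuilder()
                .requireIssuer(issuer)       // reject tokens minted by another authorization server
                .requireAudience(audience)   // reject tokens meant for a different API/resource
                .setSigningKeyResolver(new SigningKeyResolverAdapter() {
                    @Override
                    public Key resolveSigningKey(JwsHeader header, Claims claims) {
                        // The token header's "kid" names the JWK that signed it; never trust "alg"/"jwk" from the token itself
                        String kid = header.getKeyId();
                        for (Map<String, Object> jwk : keys) {
                            if (kid != null && kid.equals(jwk.get("kid")) && "RSA".equals(jwk.get("kty"))) {
                                return rsaPublicKey(jwk);
                            }
                        }
                        throw new IllegalStateException("no RSA JWK with kid=" + kid);
                    }
                })
                .build()
                .parseClaimsJws(accessToken); // verifies signature and exp/nbf; throws JwtException on failure
    }

    private static Key rsaPublicKey(Map<String, Object> jwk) {
        Base64.Decoder b64 = Base64.getUrlDecoder(); // "n" and "e" are Base64URL without padding
        try {
            RSAPublicKeySpec spec = new RSAPublicKeySpec(
                    new BigInteger(1, b64.decode((String) jwk.get("n"))),
                    new BigInteger(1, b64.decode((String) jwk.get("e"))));
            return KeyFactory.getInstance("RSA").generatePublic(spec);
        } catch (java.security.GeneralSecurityException e) {
            throw new IllegalStateException("bad JWK", e);
        }
    }
}
```

Cache the JWKS and refetch it only when an unknown "kid" shows up, so key rotation does not turn into a fetch per request.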