FusionAuth
    • Home
    • Categories
    • Recent
    • Popular
    • Pricing
    • Contact us
    • Docs
    • Login

    Java verification code for HS256 signed id token

    Scheduled Pinned Locked Moved Unsolved
    Q&A
    2
    2
    1.2k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      gokul.mahajan20
      last edited by

      How to verify HS256 ID Token using FusionAuth java Client libraries ?

      Description: I have created an app in FusionAuth that has a Clinet ID and Client Secret generated, I have not touched any other section/tab like JWT etc, default JWT signing algo is OIDC standard HMAC SHA256.

      I tried using following code approach to validate the token based on public key, but its not working for HS256 signed token, I searched over internet and found public key is not applicable for HS256

      Could you please provide me a Java code to verify HS256 signed token using FusionAuth Java client libraries (https://github.com/FusionAuth/fusionauth-jwt).
      Please also let me know that do I need any additional configuration on FusionAuth Admin Console.

      Code which I tried: Its giving blank public keys.

          List<JSONWebKey> keys = JSONWebKeySetHelper.retrieveKeysFromJWKS("http://localhost:9011/.well-known/jwks.json");

    Map<String, Verifier> publicKeyVerifiers = new HashMap<String, Verifier>();

    JWT jwtDecoded = JWT.getDecoder().decode(idToken, publicKeyVerifiers);
      danD 1 Reply Last reply Reply Quote 0
      • danD
        dan @gokul.mahajan20
        last edited by

        @gokul-mahajan20 I think you can find examples here: https://github.com/FusionAuth/fusionauth-jwt/#sign-and-encode-a-jwt-using-hmac

        --
        FusionAuth - Auth for devs, built by devs.
        https://fusionauth.io

        1 Reply Last reply Reply Quote 0
        • First post
          Last post