• Home
  • Categories
  • Recent
  • Popular
  • Pricing
  • Contact us
  • Docs
  • Login
FusionAuth
  • Home
  • Categories
  • Recent
  • Popular
  • Pricing
  • Contact us
  • Docs
  • Login

Manually verifying a JWT

Scheduled Pinned Locked Moved
Q&A
5
17
12.4k
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • D
    dan
    last edited by 13 Jul 2020, 14:45

    Hiya,

    I was able to successfully decode a JWT. From reviewing this thread, I think maybe the issue is that you are using the wrong secret. It seems like you might have accidentally been using the id of the signing key '1c8e490a-4972-7d73-8935-06621a0a6441' instead of the actual secret key.

    Here's how I found my secret key:

    • go to settings
    • go to keymaster
    • click on the green magnifying glass icon to view the default key
    • click on click here to see the secret.

    Screen Shot 2020-07-13 at 8.41.00 AM.png

    My secret looked something like this: n0EfufcUAuYM6199G3ffRp+YUVMPodabtlI/wT8oBYc=.

    Can you try validating your JWT with the secret found through those steps and let me know how it goes?

    --
    FusionAuth - Auth for devs, built by devs.
    https://fusionauth.io

    B 1 Reply Last reply 3 Jan 2023, 00:36 Reply Quote 1
    • R
      raghebmichael
      last edited by 14 Jul 2020, 02:59

      Thank you so much Dan, that was exactly the issue. I successfully verified a token with that secret. I appreciate it very much.

      1 Reply Last reply Reply Quote 2
      • D
        dan
        last edited by 14 Jul 2020, 12:58

        Excellent, I'm glad you figured it out.

        --
        FusionAuth - Auth for devs, built by devs.
        https://fusionauth.io

        1 Reply Last reply Reply Quote 0
        • B
          bharath.yadavally @dan
          last edited by 3 Jan 2023, 00:36

          @dan How can I view RS256 secret?

          It says The private key is not viewable

          Screen Shot 2023-01-03 at 11.34.46 am.png

          D 1 Reply Last reply 3 Jan 2023, 02:45 Reply Quote 1
          • D
            dan @bharath.yadavally
            last edited by 3 Jan 2023, 02:45

            @bharath-yadavally You don't typically view the RS256 secret for a generated key.

            If you must have access to that, generate the RS256 keypair outside of FusionAuth and import the keypair.

            --
            FusionAuth - Auth for devs, built by devs.
            https://fusionauth.io

            B 3 Replies Last reply 3 Jan 2023, 03:06 Reply Quote 0
            • B
              bharath.yadavally @dan
              last edited by 3 Jan 2023, 03:06

              @dan I forgot how I created my key at first place, imported a new one and using private key which I generated.

              1 Reply Last reply Reply Quote 0
              • B
                bharath.yadavally @dan
                last edited by 3 Jan 2023, 03:08

                @dan Now I am able to validate the token using RS256.
                But, trying to figure out how can I add a user status ACTIVE or INACTIVE to jwt token when generated first time by fusionauth.

                I previously used auth0 where we can add a js script like lambda functions to add custom parameters to jwt. Is something I could do with fusionauth?

                1 Reply Last reply Reply Quote 0
                • B
                  bharath.yadavally @dan
                  last edited by 3 Jan 2023, 03:17

                  @dan Discard my comment above regarding custom claims for JWT.

                  I found your post: https://fusionauth.io/community/forum/topic/65/how-does-one-add-custom-claims-to-the-jwt-issued-by-the-oauth-flow?_=1672715552700

                  Which should guide me through next steps. Thanks 👨‍💻

                  D 1 Reply Last reply 4 Jan 2023, 22:13 Reply Quote 1
                  • D
                    dan @bharath.yadavally
                    last edited by 4 Jan 2023, 22:13

                    @bharath-yadavally Glad you're getting it figured out!

                    --
                    FusionAuth - Auth for devs, built by devs.
                    https://fusionauth.io

                    1 Reply Last reply Reply Quote 0
                    • A
                      austinpatrick711
                      last edited by 16 Jan 2023, 09:13

                      This post is deleted!
                      1 Reply Last reply Reply Quote 0
                      • G
                        grately47 @raghebmichael
                        last edited by 30 Jan 2023, 08:18

                        @raghebmichael said in Manually verifying a JWT:

                        Something is very wrong. I don't know if this is something anybody else is facing, but I changed to a RS256 key and used the public key on jwt.io and it is still invalid. I cannot validate a JWT outside of /api/jwt/validate. This is a really big deal to me to be able to do something as simple as validating. Please let me know if I am in error, but if I can't get this to work I cannot continue using fusionauth and that's a big bummer to me as I had high hopes for this service.

                        b63ceaca-e17c-48e4-b7cc-fe757eff696f-image.png

                        This is exactly what I was looking for to solve my problem.
                        Thank you very much.

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post