okta-jwt-verifier-java icon indicating copy to clipboard operation
okta-jwt-verifier-java copied to clipboard

Published 20 hours ago verified publisher icon okta

Issuer verification failed (Okta + Ktor + SwaggerUI)

Open BlackHornet opened this issue 2 years ago • 1 comments

Hello,

currently I have an issue with my api authentication.

Setup: I'm building a basic Ktor API and provided an Authentication feature to validate Okta accessTokens.

Via a swagger UI I login at okta and retrieve my accessToken, which contains an issuer: "iss": "https://dev-ylqkdtaqkg6cqazy.eu.auth0.com/"

When I am using the accessTokenVerifier to validate and verify the incoming accessToken using the following builder

JwtVerifiers.accessTokenVerifierBuilder()
    .setIssuer("https://dev-ylqkdtaqkg6cqazy.eu.auth0.com/")
    .setAudience("api://default")
    .build()

I get an exception that issuer claim does not match Caused by: io.jsonwebtoken.IncorrectClaimException: Expected iss claim to be: https://dev-ylqkdtaqkg6cqazy.eu.auth0.com, but was: https://dev-ylqkdtaqkg6cqazy.eu.auth0.com/.

Checking the BaseVerifierBuilderSupport it seams like the trailing slash was removed, when setIssuer() is called

What can I do, as the issuer in the accessToken comes from auth0 as well. See my openid-configuration https://dev-ylqkdtaqkg6cqazy.eu.auth0.com/.well-known/openid-configuration

Regards

BlackHornet avatar Dec 19 '22 11:12 BlackHornet

@BlackHornet Thanks for posting! I'll take a look.

arvindkrishnakumar-okta avatar Dec 19 '22 14:12 arvindkrishnakumar-okta