Larry Martell

Getting public key for validating JWT

I am getting a JWT from login.microsoftonline.com and I need to get its public key to validate it. I am using PyJWKClient to get it, thusly:

import jwt
import certifi
import ssl
from jwt import PyJWKClient

token = "my JWT"  # the JWT returned by login.microsoftonline.com
url = "https://login.microsoftonline.com/common/discovery/v2.0/keys"  # JWKS discovery endpoint
JWT_AUDIENCE = "my audience"
JWT_ISSUER = "my issuer"

# Use certifi's CA bundle when fetching the JWKS document over TLS
ssl_context = ssl.create_default_context(cafile=certifi.where())
jwks_client = PyJWKClient(url, ssl_context=ssl_context)

# Reads the kid from the token header and picks the matching key from the JWKS
signing_key = jwks_client.get_signing_key_from_jwt(token)

# Verifies the RS256 signature with that key, then checks aud, iss and exp
data = jwt.decode(
    token,
    signing_key.key,
    algorithms=["RS256"],
    audience=JWT_AUDIENCE,
    issuer=JWT_ISSUER
)

This fails with jwt.exceptions.InvalidSignatureError: Signature verification failed

I have verified the audience and issuer match what is in the JWT and that what is returned from https://login.microsoftonline.com/common/discovery/v2.0/keys contains the kid in the JWT, and the JWT is not expired. What am I doing wrong here?

Upvotes: 0

Views: 206
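To make the two steps hidden inside get_signing_key_from_jwt and jwt.decode visible (pick the JWK whose kid matches the token header, then verify RS256 with exactly that key), here is an added stand-alone example that is not part of the question or of PyJWT; it uses only the standard library, constructs its own RSA key pair and JWKS document in-script (1024-bit purely for speed), and raises the same "Signature verification failed" condition when the key published under a kid is not the key that signed the token.

```python
import base64, hashlib, json, math, random

def b64u(b): return base64.urlsafe_b64encode(b).rstrip(b"=").decode()
def b64u_dec(s): return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def is_probable_prime(n, rounds=24):  # Miller-Rabin, enough for a demo key
    d, r = n - 1, 0
    while d % 2 == 0: d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1): continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1: break
        else: return False
    return True

def make_rsa_key(bits=1024, e=65537):  # constructed demo key; returns (n, e, d)
    def prime():
        while True:
            p = random.getrandbits(bits // 2) | (1 << (bits // 2 - 1)) | 1
            if is_probable_prime(p): return p
    while True:
        p, q = prime(), prime()
        if math.gcd(e, (p - 1) * (q - 1)) == 1: return p * q, e, pow(e, -1, (p - 1) * (q - 1))

DIGEST_INFO_SHA256 = bytes.fromhex("3031300d060960864801650304020105000420")  # RFC 8017 9.2
def emsa_pkcs1_v15(msg, k):  # PKCS#1 v1.5 encoding of SHA-256(msg) for a k-byte modulus
    t = DIGEST_INFO_SHA256 + hashlib.sha256(msg).digest()
    return int.from_bytes(b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t, "big")

def to_jwk(kid, n, e):  # public half, shaped like one entry of the discovery /keys document
    enc = lambda x: b64u(x.to_bytes((x.bit_length() + 7) // 8, "big"))
    return {"kty": "RSA", "use": "sig", "kid": kid, "n": enc(n), "e": enc(e)}

def sign_rs256(claims, kid, n, d):  # issuer side: header.payload.signature
    k = (n.bit_length() + 7) // 8
    head = b64u(json.dumps({"alg": "RS256", "typ": "JWT", "kid": kid}).encode())
    signing_input = head + "." + b64u(json.dumps(claims).encode())
    return signing_input + "." + b64u(pow(emsa_pkcs1_v15(signing_input.encode(), k), d, n).to_bytes(k, "big"))

def verify_with_jwks(token, jwks):  # verifier side; returns the claims or raises
    h, c, s = token.split(".")
    header = json.loads(b64u_dec(h))
    if header.get("alg") != "RS256": raise ValueError("alg not allowed")  # allow-list, like algorithms=[...]
    jwk = next((j for j in jwks["keys"] if j.get("kid") == header.get("kid")), None)
    if jwk is None: raise LookupError("kid not in JWKS")  # PyJWKClient raises its own error here
    n, e = (int.from_bytes(b64u_dec(jwk[f]), "big") for f in ("n", "e"))
    k = (n.bit_length() + 7) // 8
    if pow(int.from_bytes(b64u_dec(s), "big"), e, n) != emsa_pkcs1_v15(f"{h}.{c}".encode(), k):
        raise ValueError("Signature verification failed")  # kid matched, but this key did not sign it
    return json.loads(b64u_dec(c))  # aud/iss/exp checks would follow here, as jwt.decode does
```

A kid match only tells you which key the verifier will try; the signature check still fails if the key material served under that kid differs from the key that produced the token, or if the header or payload were altered after signing.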

Answers (0)