Hi all, we are using a token issued by an IdP with which we are not directly integrated using OAuth, and we would like to validate the incoming JWT token and then add the user from the JWT to a security-context so that our usual authorization flow could kick in. Is there a way we can use the spring-security-rest to do the token validation for us even though we are not generating any token? https://github.com/apache/grails-spring-security/blob/7.0.x/plugin-rest/docs/src/docs/tokenValidation.adoc
jdaugherty
06/24/2025, 7:15 PM
It's my understanding that the validation uses the JWT secret to check the token was created by an authorized source. Since you're getting the token from the IdP, I'm assuming you do not have the JWT secret?
jdaugherty
06/24/2025, 7:15 PM
It sounds like you want to authenticate with an IDP and have it provide authorization to your application?
jdaugherty
06/24/2025, 7:16 PM
If so, that's typically done via an OAuth workflow.
user
06/24/2025, 9:04 PM
@jdaugherty Thank you very much. Can we just use the spring-security-rest plugin for validating the token without implementing the overall workflow? The use-case is a bit unique because the IdP-like proxy system today just generates the token and signs it without implementing the entire OAuth protocol. So in our app we might have to just validate the incoming token and extract the user-details from the claims and use it to set up the security-context.