hi guys, we attempt to do JWT signature validation...
# ask-a-descoperb
brave-flower-58422
07/24/2023, 7:08 AMhi guys, we attempt to do JWT signature validation in our backend. how can we find the public key? we don't use descope's client for the validation
s
stocky-van-20808
07/24/2023, 7:15 AMHey @brave-flower-58422 ☀️ its is recommended to use the sdk for that to add more capabilities such as auto-refresh. However you can always use REST API documented here to get the public key and most jwt libraries in all languages you use provide a validation function
b
brave-flower-58422
07/24/2023, 7:37 AMGreat thank you! It seems i'm doing something wrong?
1. I take a JWT from https://descope-explorer.com/?flow={my-flow-id}&project={my-project-id}
a. Payload.sessionJwt
2. I copy the "sessionJwt" to JWT debugger at jwt.io
3. Call the API you referenced above
a. Take the algorithm and pkey from the fields "keys[0].alg" and "keys[0].n" and input them in jwt.io
4. The validation failed with an invalid signature
Also note that it is the same phenomenon in our JWT validation backend logic
s
stocky-van-20808
07/24/2023, 8:16 AMhey @brave-flower-58422 sorry for the delay. have you tried placing the entire public key json into the public key input area. that should work
b
brave-flower-58422
07/24/2023, 8:19 AMAmazing it works! thank you
👍 1