
Verify JWT failed when using JWKS

I have generated a signed JWT RSA256 and then tried to verify it.

When I verify with a public key that is configured in the KVM, it works fine:

<Algorithm>RS256</Algorithm>
<Source>jwt</Source>
<PublicKey>
	<Value ref="public.key"/>
</PublicKey>

But when I verify with JWKS, I got an error "Could not find a matching Public Key"

<Algorithm>RS256</Algorithm>
<Source>jwt</Source>
<PublicKey>
	<JWKS ref="json-jwks"/>
</PublicKey>

json-jwks is a variable that I set in JavaScript:

var jwks = {
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "kid": "123456789",
      "alg": "RS256",
      "n": "iq.."
    }
  ]
};

context.setVariable("json-jwks", JSON.stringify(jwks));

I'm not sure where the error occurred, because the value of jwks is generated from the PUBLIC KEY (which is the same as public.key).

ACCEPTED SOLUTION

When you use a JWKS as a key source, the JWT that you hope to verify must have a JWT header that has a kid field that refers to a key in the JWKS. 

Do you have that? 

The kid in your JWKS is

123456789

Does your JWT have that as the value for kid in the header?

If you do not have that, then you will see the error, "Could not find a matching Public Key".
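
The kid lookup described in the answer can be checked offline before changing the policy. The following is an added example, not part of the original thread and not Apigee code: a Node.js helper (`explainKeyLookup`, a hypothetical name) that decodes the JWT header without verifying the signature and reports whether its kid selects a key in the JWKS. The sample token and JWKS are constructed.

```javascript
// Added example (Node.js). Explains whether a kid-based JWKS lookup can succeed.
// It inspects the header only; it does NOT verify the signature.

function b64urlToString(segment) {
  return Buffer.from(segment.replace(/-/g, "+").replace(/_/g, "/"), "base64").toString("utf8");
}

function stringToB64url(text) {
  return Buffer.from(text, "utf8").toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// Hypothetical helper: returns { match, reason, headerKid, jwksKids }.
function explainKeyLookup(jwt, jwks) {
  const keys = jwks && Array.isArray(jwks.keys) ? jwks.keys : [];
  const result = { match: false, reason: "", headerKid: null, jwksKids: keys.map((k) => k.kid) };
  const parts = String(jwt).split(".");
  if (parts.length !== 3) {
    result.reason = "not a compact JWT (expected 3 dot-separated segments)";
    return result;
  }
  let header;
  try {
    header = JSON.parse(b64urlToString(parts[0]));
  } catch (e) {
    result.reason = "header is not base64url-encoded JSON";
    return result;
  }
  if (!header || typeof header.kid !== "string" || header.kid === "") {
    result.reason = "JWT header has no kid, so no JWKS entry can be selected";
    return result;
  }
  result.headerKid = header.kid;
  result.match = keys.some((k) => k.kid === header.kid);
  result.reason = result.match ? "kid found in JWKS" : "kid '" + header.kid + "' is not in the JWKS";
  return result;
}

// Constructed sample data: the kid is the one from the question; key material is
// omitted because the lookup never reads it. The signature segment is a placeholder.
const sampleJwks = { keys: [{ kty: "RSA", use: "sig", alg: "RS256", kid: "123456789" }] };
function sampleJwt(header) {
  return [stringToB64url(JSON.stringify(header)), stringToB64url("{}"), "c2ln"].join(".");
}

console.log(explainKeyLookup(sampleJwt({ alg: "RS256", typ: "JWT" }), sampleJwks));
console.log(explainKeyLookup(sampleJwt({ alg: "RS256", kid: "123456789" }), sampleJwks));
```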
