Location of public key for JWT validation

By: Lehel Jozsef user 06 Jan 2017 at 1:57 p.m. CST

5 Responses
Lehel Jozsef gravatar
Hi, I would need the public key for RS256 jwt validation through the Kong jwt plugin (https://getkong.org/plugins/jwt/). Trying to validate the ID token's signature and expiry through the Kong API gateway using the plugin mentioned above. Is there a location for the public key Gluu uses for RS256 signature? A reliable way to generate it? Thank you, Lehel
Rhel72
closed

Answers

By Michael Schwartz Account Admin 06 Jan 2017 at 2:07 p.m. CST

Copy
Michael Schwartz gravatar
Wouldn't this be available via the OpenID Connect Discovery page? i.e. check the `jwks_endpoint` value in `https://(hostname)/.well-known/openid-configuration`

By Lehel Jozsef user 06 Jan 2017 at 2:16 p.m. CST

Copy
Lehel Jozsef gravatar
Not sure how to go about using the data exposed there in this case. { "kid": "05482c85-10dd-482a-b968-95f09517fd0e", "kty": "RSA", "use": "sig", "alg": "RS256", "exp": 1511378246313, "n": "vqnaTKeM7scqbOW1H-nmLPJeTWWbPQ22UDwsL6Ym_mGAz7sxkGCzdfQYj-Xl0Rpd2IWY_IxwuyLw7OmQ42noxwOV4DhVw8to1BOqBz2AOC6P94CTNGrUr4CJH7nSlhe_y2dtAi5RA68n5KjquQOoQ1I3TN01NSD_ccKs7MeXw1xtkQkOis0251eHxH1CQ-Cl_n5LX6RULlUSekCpsnJ1_tTFiWWCzo-DwzuukO8H1HbLBa43rGwEyPRZqQ-8r0mKJKdyDn5lPNwVdiItud4FhHN8JWjQ9GYr3aPWRjRld6YcE9O01nGqrWBOTDLqY1mOmIaQne_Fi2UZd58m5kyLTw", "e": "AQAB" } We can generate a public key from this but Kong won't take it. And the actual public key with the bellow format is not exposed. -----BEGIN PUBLIC KEY----- ... -----END PUBLIC KEY----- I might be missing something simple here so please bare with me. Lehel

By Michael Schwartz Account Admin 06 Jan 2017 at 2:18 p.m. CST

Copy
Michael Schwartz gravatar
Javier, can you help Lehel with this question?

By Javier Rojas staff 06 Jan 2017 at 4:02 p.m. CST

Copy
Javier Rojas gravatar
Hello Lehel, In your last example the public key is separated in two values: modulus and exponent. oxAuth can also generate x5c with the following Key Generator: https://github.com/GluuFederation/oxAuth/blob/master/Client/src/main/java/org/xdi/oxauth/util/KeyGenerator.java ``` java -cp bcprov-jdk15on-1.54.jar:.jar:bcpkix-jdk15on-1.54.jar:commons-cli-1.2.jar:commons-codec-1.5.jar:commons-lang-2.6.jar:jettison-1.3.jar:log4j-1.2.14.jar:oxauth-model.jar:oxauth.jar org.xdi.oxauth.util.KeyGenerator -h ``` ``` usage: KeyGenerator -algorithms alg ... -expiration n_days [-ox11 url] [-keystore path -keypasswd secret -dnname dn_name] -algorithms <arg> Signature Algorithms (RS256 RS384 RS512 ES256 ES384 ES512). -dnname <arg> DN of certificate issuer. -expiration <arg> Expiration in days. -h Show help. -keypasswd <arg> Key Store password. -keystore <arg> Key Store file. -ox11 <arg> oxEleven Generate Key Endpoint. ``` ``` KeyGenerator -algorithms RS256 RS384 RS512 ES256 ES384 ES512 -keystore /Users/JAVIER/tmp/mykeystore.jks -keypasswd secret -dnname "CN=oxAuth CA Certificates" -expiration 365 ``` ``` {"keys": [ { "kid": "06ef9d63-37c9-491d-a24f-8dc698ed5fb3", "kty": "RSA", "use": "sig", "alg": "RS256", "exp": 1515275249816, "n": "4zTZBoTpb-MITqDFDdwjdQZ5guz4oDZDavhk3PuMaWoNPnEJLudrCgUJCWxUfGV2IhwFJZz4V_nHDzULuYHB7pFY_TYVbt8qA8B_6Saki6K9J8--hbh8tltEpo_DfzYDafaKJT9q472wNDG1aruAXWPKeUm9KwzQVhnxQnyplP6-VG2X1k064CDDnVyZ3I19CAyXgM6jtWLK3kJ18ILH7vhILeu_6bGaeP0tStT5OuRCV6J4hT1piiZkOPJsm8ZcenrMofHUAAqq2FqN4hqyiQvlH3HWkkmNSc9DsTfIvnOHBvdxedGklYg6R0FtvlSKriFeMN24AqYZDpS5QFPc3w", "e": "AQAB", "x5c": ["MIIDBDCCAeygAwIBAgIhAK8ivMFdhCoEL1v0EixLwQjFBHdWXlN2T0AL4zKiGO3YMA0GCSqGSIb3DQEBCwUAMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwHhcNMTcwMTA2MjE0NzIwWhcNMTgwMTA2MjE0NzI5WjAhMR8wHQYDVQQDDBZveEF1dGggQ0EgQ2VydGlmaWNhdGVzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4zTZBoTpb+MITqDFDdwjdQZ5guz4oDZDavhk3PuMaWoNPnEJLudrCgUJCWxUfGV2IhwFJZz4V\/nHDzULuYHB7pFY\/TYVbt8qA8B\/6Saki6K9J8++hbh8tltEpo\/DfzYDafaKJT9q472wNDG1aruAXWPKeUm9KwzQVhnxQnyplP6+VG2X1k064CDDnVyZ3I19CAyXgM6jtWLK3kJ18ILH7vhILeu\/6bGaeP0tStT5OuRCV6J4hT1piiZkOPJsm8ZcenrMofHUAAqq2FqN4hqyiQvlH3HWkkmNSc9DsTfIvnOHBvdxedGklYg6R0FtvlSKriFeMN24AqYZDpS5QFPc3wIDAQABoycwJTAjBgNVHSUEHDAaBggrBgEFBQcDAQYIKwYBBQUHAwIGBFUdJQAwDQYJKoZIhvcNAQELBQADggEBADm+jBXkVk0HRpZVGn4EpAS0tm6QbioA9qLcMg0hFITZUWNV1ce+64oOq7Yrd52+Xk5X0EaAoftW1i8lMSfz0HjJ1rxzCAu01Dj3ZwfajNtjThxGOlujb5YUmUd\/twdCVo6okGA\/rbgKgP3i+xl\/wBvDpuM4ldIinF1Y\/iekAr1cRkdcDo+pFuUVX9\/mfA2qt5l8mLzir4xn86wtvO0er\/ad8JMb3mp\/PDL54Ahqg3o6cLsdofnV9NOpb1J7Oing17BWB+bF4D\/etK4+yDnYDGbhc+NI6r++20vKbgNvacELRRDzjw5pTwhCVe+kuZoIH7k6FoDIqBUQ5BW2lzONORE="] }, { "kid": "64264839-9d8a-443b-a9bf-6348fdfae0e2", "kty": "RSA", "use": "sig", "alg": "RS384", "exp": 1515275249816, "n": "ts9iZiUP_AwejH5Y-MEkKvqNDe5kD8Su8GGEvYGjyPNLrBJ_0xjOrpUbqb9sqeD2Pevr0vxo7IFN2grcr9AWDwubDD4PDNZaltXYUz7qP0JkB5giQDbpRLYSivQrCpDUWozuYnNI6zGf_paH2fr1Wgb1wUViNvgXV0sdkZGtiwNaz8pdbEfJ-UcUMhlx-UH2LdKITrkQ0oatZNnKdAGqVi_Ntd5d5ZPrfv6MWW4faxmy2Gqp0T78fwKiDU4MdvdlIThdKsE0AxX3d-2flzrkaZsh2vrsoTHYC33909thWGIHzb5T93b7Z1wAyXBzaloM8s5_5WybuJdBXynq9RNUlw", "e": "AQAB", "x5c": ["MIIDBDCCAeygAwIBAgIhAIKtFXplmkPFx2gZL+L5UPiEtBoHViQiHe+kWgoiIYnDMA0GCSqGSIb3DQEBDAUAMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwHhcNMTcwMTA2MjE0NzIxWhcNMTgwMTA2MjE0NzI5WjAhMR8wHQYDVQQDDBZveEF1dGggQ0EgQ2VydGlmaWNhdGVzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAts9iZiUP\/AwejH5Y+MEkKvqNDe5kD8Su8GGEvYGjyPNLrBJ\/0xjOrpUbqb9sqeD2Pevr0vxo7IFN2grcr9AWDwubDD4PDNZaltXYUz7qP0JkB5giQDbpRLYSivQrCpDUWozuYnNI6zGf\/paH2fr1Wgb1wUViNvgXV0sdkZGtiwNaz8pdbEfJ+UcUMhlx+UH2LdKITrkQ0oatZNnKdAGqVi\/Ntd5d5ZPrfv6MWW4faxmy2Gqp0T78fwKiDU4MdvdlIThdKsE0AxX3d+2flzrkaZsh2vrsoTHYC33909thWGIHzb5T93b7Z1wAyXBzaloM8s5\/5WybuJdBXynq9RNUlwIDAQABoycwJTAjBgNVHSUEHDAaBggrBgEFBQcDAQYIKwYBBQUHAwIGBFUdJQAwDQYJKoZIhvcNAQEMBQADggEBAITwCZauyqnk3kUWX1LH3cw3XCFjsSnbuTjM3ZA6nRJpF8eSL7Mz9TFAeBtaKimLbt8u1aiIu8YIg3MMW556bs8LrOq4ZFhMBNXDic29axrcXA8Ezi7Ses9mqR3jNdICkpt3kt4WDxocERp9gKYsO1yLVk3Fah42Z8U35zXdoqSKgVe\/KHfhfrDTtM7L9eieMHjaK5u9UtubTg81BGTzWCjVnvHp95uYkoGNpKa+1pC0Nn531sU88nVB8if0sShy3FdKVY8URveSxu7zjSuPdgvHDPKMecWePpf+pe9UGGEYpidDn9voUlpZTTyapdid9IpcSuq3YJwK7vLbKfXQIxg="] }, { "kid": "89f661dd-ac50-4764-958c-12cf6fdae49a", "kty": "RSA", "use": "sig", "alg": "RS512", "exp": 1515275249816, "n": "2_6F-EaIBbfg-eri__RvqjDN-VYlO4C14_V1SpsBJa9kYvQddw5Q7PXS3jVbgAHYBoKIh2ImvUngycL572sjcY_7NUvrtvj4ldE69kwiuUJX5-Om5vhikFiclC5fkqKmNvDg065kwim_ZhDZlg9v6ScyImgVYGMW6Q3ndhfT1L_igHwG3NOzvfKwOsTWpa20Oqe6vbdIcHQsCp8J0ST021RDvk2eG5xrbdFZGKRz6N9YghFcfw_2JYGiJwqv9mRFEiv2T4R24_1Befmdf2n2wUvf54CjF_6runCrf-AKSTXHMX3sN9ckA2-Yah-D5we0-9eN9XZj9PuMLdFhC-lmGQ", "e": "AQAB", "x5c": ["MIIDBDCCAeygAwIBAgIhAOAe9Uy56iG52AdFZTSjWz4hwPM8TwNQMorXvCYqSHCBMA0GCSqGSIb3DQEBDQUAMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwHhcNMTcwMTA2MjE0NzIyWhcNMTgwMTA2MjE0NzI5WjAhMR8wHQYDVQQDDBZveEF1dGggQ0EgQ2VydGlmaWNhdGVzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2\/6F+EaIBbfg+eri\/\/RvqjDN+VYlO4C14\/V1SpsBJa9kYvQddw5Q7PXS3jVbgAHYBoKIh2ImvUngycL572sjcY\/7NUvrtvj4ldE69kwiuUJX5+Om5vhikFiclC5fkqKmNvDg065kwim\/ZhDZlg9v6ScyImgVYGMW6Q3ndhfT1L\/igHwG3NOzvfKwOsTWpa20Oqe6vbdIcHQsCp8J0ST021RDvk2eG5xrbdFZGKRz6N9YghFcfw\/2JYGiJwqv9mRFEiv2T4R24\/1Befmdf2n2wUvf54CjF\/6runCrf+AKSTXHMX3sN9ckA2+Yah+D5we0+9eN9XZj9PuMLdFhC+lmGQIDAQABoycwJTAjBgNVHSUEHDAaBggrBgEFBQcDAQYIKwYBBQUHAwIGBFUdJQAwDQYJKoZIhvcNAQENBQADggEBABbU0CmKv8V2e8WOrZqtUN4c7r6ffL9+5JeNQ7AOrXcK5wes5NZVFH84KSlsSXmrHjatZdZvBvijlEOVHMo\/KIu0O8BDTipHrThLGiOpc7WN6VTo+HNXQnjdKDybWnE7ayK5aJ\/mqTDvThsNUpyrO+ZI91x4r8QJCC5pXWPnSAfbxkZsrcfQmvb6gE+d\/6phR0aD5n9fMZb0aFHAoLyXvA7c2gloncZ+0uSv33jKaEJzD01UBo+OR4DtovPQpI5yog9yAqw9P6Zh36\/cj1ra1dhZHqU4jOESvQiMijnXQ5XXE\/lZvWckNvFX8uPVEgj9hNvBWo7LAe9Tz0ahcIqeqNY="] }, { "kid": "a7b0fd45-b715-4709-807f-b1696b4c3c70", "kty": "EC", "use": "sig", "alg": "ES256", "exp": 1515275249816, "crv": "P-256", "x": "mqbjjEkGpIuwe-TIAojfDSdUTXjPEnxd0w1paTEdjB4", "y": "txBayxVFcvFsbHeNcGq7zN3PwZ1l5kxHKnmLvZs9FGA", "x5c": ["MIIBdzCCAR2gAwIBAgIgCiC2QcDcX75OChL10dtN8Trn44XloIpG9qC7X5uVtPIwCgYIKoZIzj0EAwIwITEfMB0GA1UEAwwWb3hBdXRoIENBIENlcnRpZmljYXRlczAeFw0xNzAxMDYyMTQ3MjJaFw0xODAxMDYyMTQ3MjlaMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASapuOMSQaki7B75MgCiN8NJ1RNeM8SfF3TDWlpMR2MHrcQWssVRXLxbGx3jXBqu8zdz8GdZeZMRyp5i72bPRRgoycwJTAjBgNVHSUEHDAaBggrBgEFBQcDAQYIKwYBBQUHAwIGBFUdJQAwCgYIKoZIzj0EAwIDSAAwRQIhAJoANNmYrPDjYjMkQVO8\/WSJIhs874OWvH1OcRF6OCwvAiAxzW0tTCuiNQfDXNpAWedeIqouDI9bgi4PW6BX01gPrA=="] }, { "kid": "b76f64da-2280-4929-bf61-3cbd66ddf9b7", "kty": "EC", "use": "sig", "alg": "ES384", "exp": 1515275249816, "crv": "P-384", "x": "-mnVqdgrmrSlWWYn0vAjygQrwRSQ1tVpRmGNXyXaJ42mLIbpcMsfMI_W8G9O_BfC", "y": "gpbfBAlYwTytPYFdpIORxeMOU_ye0FwEmQZXCwLYb21BRnlCuBQFpW0y2K6nwPtp", "x5c": ["MIIBtDCCATugAwIBAgIhAO4TkZj8\/8T4S32kr42uniN0kXxFcufj7\/Gp486fAGs7MAoGCCqGSM49BAMDMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwHhcNMTcwMTA2MjE0NzIyWhcNMTgwMTA2MjE0NzI5WjAhMR8wHQYDVQQDDBZveEF1dGggQ0EgQ2VydGlmaWNhdGVzMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE+mnVqdgrmrSlWWYn0vAjygQrwRSQ1tVpRmGNXyXaJ42mLIbpcMsfMI\/W8G9O\/BfCgpbfBAlYwTytPYFdpIORxeMOU\/ye0FwEmQZXCwLYb21BRnlCuBQFpW0y2K6nwPtpoycwJTAjBgNVHSUEHDAaBggrBgEFBQcDAQYIKwYBBQUHAwIGBFUdJQAwCgYIKoZIzj0EAwMDZwAwZAIwEKjlNuUamUHjzbxwZH3FLv7N9T27Zit837E6wb0AZ4mTvpcYbdiVvS82Lfnfjk4SAjBZFoCAhVyCXESq2wAoueGP2coc8m7ZRhTP\/8TYZ1Y4VFVa\/if+8JZBFKnXQukY838="] }, { "kid": "d5fd9d4f-a3a3-46b8-a03f-90e94be82733", "kty": "EC", "use": "sig", "alg": "ES512", "exp": 1515275249816, "crv": "P-521", "x": "u8hf8eRSlJrpQ7d1QIxAnwy90Cy5YbLcaODnX8NU-lmGANGgI580c893zBFMIACC6d_j1DpulqzDkrFwm3OHMEg", "y": "q0bDfvHNEk1dqkpMMC5roAyINGkXAbtwXlvazSAK4HoK8XLW6qA5URWwxO6SZMkf8XRvlD07OX1p4EmNDp3lgdY", "x5c": ["MIICADCCAWGgAwIBAgIhAK5AsVNHEZ\/kWbQguhbrtIy8uUSwXLyZHiPtIBrO6DqfMAoGCCqGSM49BAMEMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwHhcNMTcwMTA2MjE0NzIyWhcNMTgwMTA2MjE0NzI5WjAhMR8wHQYDVQQDDBZveEF1dGggQ0EgQ2VydGlmaWNhdGVzMIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAu8hf8eRSlJrpQ7d1QIxAnwy90Cy5YbLcaODnX8NU+lmGANGgI580c893zBFMIACC6d\/j1DpulqzDkrFwm3OHMEgAq0bDfvHNEk1dqkpMMC5roAyINGkXAbtwXlvazSAK4HoK8XLW6qA5URWwxO6SZMkf8XRvlD07OX1p4EmNDp3lgdajJzAlMCMGA1UdJQQcMBoGCCsGAQUFBwMBBggrBgEFBQcDAgYEVR0lADAKBggqhkjOPQQDBAOBjAAwgYgCQgG4saTFWe0YPWHvf0V0sU\/fE1C4EUTOlsF930tt6OHQbcJYFb0+jDp+WarO0tObzmPcbVGJmkPbMDZLnijD8vYKmQJCAdImE7K5dQDQTYtBEN\/FPiBDPdZK5a6Bu3YCeLfCr0UbyT9sJFIAxc2+Ex8SJqJX9zMtjo1mLuGIHSgPbFcafud9"] } ]} ```

By Yamil Díaz Aguirre user 25 Jan 2019 at 6:22 p.m. CST

Copy
Yamil Díaz Aguirre gravatar
At the end of the day, did you get it with Kong? We are trying to integrate it, but we can't get it to work. First we consume our jwks endpoint to get the RS256 public key signature: ``` oxauth/restv1/jwks ``` Then we take the first key: ``` { "kid": "760628a8-8f84-45cc-ac11-7aa2162b257c", "kty": "RSA", "use": "sig", "alg": "RS256", "exp": 1579975395062, "n": "xNbXqylnuoiyhNmpCDk-_U3PugCYXUvB_Y6gCi3d3PeadFVI0bSR8KdhFn3LdPRaYjJwzwzMSoc3oH0vSDOx8NabrVjczooHy2rYFnQfRw1F22lGYkPquEFTM9gf8G2d8hfQ-4Ot-BwMdWl7al5FnGNGyp2nWuh52ydZ1_Lal1toGy_RPQQ5M5YDvvBsWFnaSxwV4jbasx3UJ_GSo-fclPRJqXng0DA0nMj-Uayu1457jXMKRSg_KqxjPnWVnnvofkK8o1wtn-dPHu5BwcH1fv8PruJk8cc3oRyAjFKKqxAFw8LLXix4otyB-lWQxN_rguSWXVoGMw9-pDLyDbQXiQ", "e": "AQAB", "x5c": [ "MIIDBDCCAeygAwIBAgIhAPosxRMM8358uKKdNTYEpN/I3KL6dJlzaO+pffNQ3LuTMA0GCSqGSIb3DQEBCwUAMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwHhcNMTkwMTI1MTgwMzA1WhcNMjAwMTI1MTgwMzE1WjAhMR8wHQYDVQQDDBZveEF1dGggQ0EgQ2VydGlmaWNhdGVzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxNbXqylnuoiyhNmpCDk+/U3PugCYXUvB/Y6gCi3d3PeadFVI0bSR8KdhFn3LdPRaYjJwzwzMSoc3oH0vSDOx8NabrVjczooHy2rYFnQfRw1F22lGYkPquEFTM9gf8G2d8hfQ+4Ot+BwMdWl7al5FnGNGyp2nWuh52ydZ1/Lal1toGy/RPQQ5M5YDvvBsWFnaSxwV4jbasx3UJ/GSo+fclPRJqXng0DA0nMj+Uayu1457jXMKRSg/KqxjPnWVnnvofkK8o1wtn+dPHu5BwcH1fv8PruJk8cc3oRyAjFKKqxAFw8LLXix4otyB+lWQxN/rguSWXVoGMw9+pDLyDbQXiQIDAQABoycwJTAjBgNVHSUEHDAaBggrBgEFBQcDAQYIKwYBBQUHAwIGBFUdJQAwDQYJKoZIhvcNAQELBQADggEBACDneFZ9Ch3NLNlLBhx858G+G4hGWPksRi6ye0MjeFeo/yEj3uOsPwKp8aODKvNimMjvrjxV8ECCsDVLTgR4HIl/hFl1Z+h6fYVxQ9reVrou6p8jpEuQzvCUWtBR22YoVSchTMbzc/zOSRcCN+8bbb2hmon2F17B5UsKN3uV0d4rX3WukkVoP+U5OAy6sAhD3G0KM8pmvq/QQCwnZF6e7mD1j7mMcndat//aBxrqnUJdbWctkQRrDbYR4OoJ5meM1+OxtrTVMFTCKDj1uQGYNxODNHd91zk/zhzJPjdCb/ar7/9/wbMAMKQCAUY5oIWqb/1pNV/CNMOZGHYvSHdffDw=" ] } ``` And we convert it to a pem key with https://8gwifi.org/jwkconvertfunctions.jsp So we get a pem key, like this one: ``` -----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxNbXqylnuoiyhNmpCDk+ /U3PugCYXUvB/Y6gCi3d3PeadFVI0bSR8KdhFn3LdPRaYjJwzwzMSoc3oH0vSDOx 8NabrVjczooHy2rYFnQfRw1F22lGYkPquEFTM9gf8G2d8hfQ+4Ot+BwMdWl7al5F nGNGyp2nWuh52ydZ1/Lal1toGy/RPQQ5M5YDvvBsWFnaSxwV4jbasx3UJ/GSo+fc lPRJqXng0DA0nMj+Uayu1457jXMKRSg/KqxjPnWVnnvofkK8o1wtn+dPHu5BwcH1 fv8PruJk8cc3oRyAjFKKqxAFw8LLXix4otyB+lWQxN/rguSWXVoGMw9+pDLyDbQX iQIDAQAB -----END PUBLIC KEY----- ``` Finally we create a consumer in Kong using the previous key and we request the token in Gluu with the ```oxauth/restv1/token``` endpoint, so we get the response with the id_token (JWT), which we pass as a parameter in the authorization header bearer in our Kong Gateway. ``` Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL2dsdXUuYXBhcmVqby5yb2NrcyIsImF1ZCI6IkAhMDAyQy4zQjVCLkMyN0IuN0M3NyEwMDAxITIyMzUuN0JDMSEwMDA4ITNFNTAuODYzQiIsImV4cCI6MTU0ODQ2MzE2MCwiaWF0IjoxNTQ4NDU5NTYwLCJhdXRoX3RpbWUiOjE1NDg0Mzk3MjAsImF0X2hhc2giOiJLQ1pIU0ltbWNLaWtKTEFZZFhnX0VRIiwib3hPcGVuSURDb25uZWN0VmVyc2lvbiI6Im9wZW5pZGNvbm5lY3QtMS4wIiwic3ViIjoiQCEwMDJDLjNCNUIuQzI3Qi43Qzc3ITAwMDEhMjIzNS43QkMxITAwMDAhQThGMi5ERTFFLkQ3RkIifQ.QYldq2Bc6PK3lt9q7FksvwoFE3_2mgvkvQzPj27qw2A ``` But we got the following error: ```Invalid algorithm``` I guess it has to do with the fact that the public key is obtained in RS256, which is used for API by default, while the Bearer token obtained is in HS256 (used by default clients) Please, could you help us? Thank you!

Post an answer