How to Validate Signature of a JWT issued by WSO2 Identity Server
Although this post uses WSO2 Identity Server as the example issuer, the method described here can be used to validate the signature of any signed JWT.
First, export the public certificate as plain text using the Java keytool. The wso2carbon.jks keystore is located under <product_home>/repository/conf/security.
keytool -export -alias <some alias> -keystore <keystore name>.jks -rfc -file pub_key.cert
keytool -export -alias wso2carbon -keystore wso2carbon.jks -rfc -file pub_key.cert
You can open pub_key.cert in any text editor to view the exported certificate.
Next, generate a JWT from WSO2 Identity Server. The easiest way to obtain one is the password grant type:
curl -u rTdDdEI4rWejl08jLAsaBF0l6mMa:oZAiDixFzS2IWRmbqnqKqpOyrCIa -k -d "grant_type=password&username=admin&password=admin&scope=openid" -H "Content-Type:application/x-www-form-urlencoded" https://localhost:9443/oauth2/token
{"access_token":"294261ff-07eb-34c6-884b-fb81c76b1d7e","refresh_token":"65ff00cc-6170-33f2-ae93-daf396916fff","scope":"openid","id_token":"eyJ4NXQiOiJOVEF4Wm1NeE5ETXlaRGczTVRVMVpHTTBNekV6T0RKaFpXSTRORE5sWkRVMU9HRmtOakZpTVEiLCJraWQiOiJOVEF4Wm1NeE5ETXlaRGczTVRVMVpHTTBNekV6T0RKaFpXSTRORE5sWkRVMU9HRmtOakZpTVEiLCJhbGciOiJSUzI1NiJ9.eyJhdF9oYXNoIjoiZy0xQV9kUmJEbGVEaW9aWkozZjVHdyIsInN1YiI6ImFkbWluIiwiYXVkIjpbInJUZERkRUk0cldlamwwOGpMQXNhQkYwbDZtTWEiXSwiYXpwIjoiclRkRGRFSTRyV2VqbDA4akxBc2FCRjBsNm1NYSIsImFtciI6WyJwYXNzd29yZCJdLCJpc3MiOiJodHRwczpcL1wvbG9jYWxob3N0Ojk0NDNcL29hdXRoMlwvdG9rZW4iLCJleHAiOjE1NTM1MTY3NzIsImlhdCI6MTU1MzUxMzE3MiwiZW1haWwiOiJhZG1pbkB3c28yLmNvbSJ9.k41yFv4zueYLsOcUmGz_bUmuT2VDgzPbw4zYnLYMtAOFS1pkanzs11rgrH5At56t_7y1CBsRUBd86T8os1CX5owc0FgtxxwSV5EKdTvatWo26glr4oHC3i0IHNx8KEY3JCpggGsiq5YHWqcblwF2AeVzN72FogaXnZabf8aMMcpUmtcjKTaXurrAQ3e_tEvrd4yjdCqu2314yAD4d7nVaxr-7N4EL4pR0qczV6TNmCMJEqaofMPfyfmbmDx1x-yYYZb-Jgc0oH1sc2H4Ttd01PIFOiR32uZaRJN5CYumofRmYsyVPB5Gi90MeWkREc5kLTlBYf6ZaX0voPxWToKZnQ","token_type":"Bearer","expires_in":3600}
Now paste the ID Token value and the public key as shown in the images below. If you paste only the id_token value, the tool reports Invalid Signature, because it has no key to check the RS256 signature against.
Once you also paste the public key from pub_key.cert, it reports that the signature is valid.
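The check the tool performs above can also be done programmatically. The following is an added example (not WSO2 code and not part of the original post) that verifies an RS256 JWT against RSA public numbers (n, e) using only the Python standard library: it pins the algorithm to RS256 on the verifier side rather than trusting the token's alg header, recomputes the EMSA-PKCS1-v1_5 encoding of SHA-256(header.payload), and checks exp. Because a real Identity Server signature cannot be embedded here, the example constructs its own demo RSA key pair and signs a sample token with it; the function public_numbers_from_pem is the assumed way to obtain (n, e) from the exported pub_key.cert and requires the third-party cryptography package.

```python
"""Verify an RS256 JWT signature (added example, not WSO2 code)."""
import base64, hashlib, hmac, json, random, time

# DER prefix of a SHA-256 DigestInfo (RFC 8017, section 9.2, note 1)
SHA256_DIGEST_INFO_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def b64url_decode(segment):
    """Decode an unpadded base64url JWT segment."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def emsa_pkcs1_v1_5(message, em_len):
    """EMSA-PKCS1-v1_5 encoding of SHA-256(message) to em_len bytes (RFC 8017, 9.2)."""
    t = SHA256_DIGEST_INFO_PREFIX + hashlib.sha256(message).digest()
    if em_len < len(t) + 11:
        raise ValueError("modulus too short for RS256")
    return b"\x00\x01" + b"\xff" * (em_len - len(t) - 3) + b"\x00" + t


def verify_rs256(token, n, e, now=None):
    """Return the claims if the RS256 signature over header.payload is valid, else raise."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("token must have three segments")
    h_b64, p_b64, s_b64 = parts
    header = json.loads(b64url_decode(h_b64))
    if header.get("alg") != "RS256":  # verifier pins the alg; never let the token choose it
        raise ValueError("unexpected alg %r" % header.get("alg"))
    signature = b64url_decode(s_b64)
    k = (n.bit_length() + 7) // 8
    if len(signature) != k:
        raise ValueError("signature length does not match modulus")
    s = int.from_bytes(signature, "big")
    if s >= n:
        raise ValueError("signature out of range")
    em = pow(s, e, n).to_bytes(k, "big")  # RSAVP1: m = s^e mod n
    expected = emsa_pkcs1_v1_5(("%s.%s" % (h_b64, p_b64)).encode("ascii"), k)
    if not hmac.compare_digest(em, expected):
        raise ValueError("invalid signature")
    claims = json.loads(b64url_decode(p_b64))
    current = time.time() if now is None else now
    if "exp" in claims and current >= claims["exp"]:
        raise ValueError("token expired")
    return claims


def public_numbers_from_pem(pem_bytes):
    """Assumed helper: read (n, e) from the keytool-exported certificate via the 'cryptography' package."""
    from cryptography import x509  # third-party dependency, not used by the demo below
    pub = x509.load_pem_x509_certificate(pem_bytes).public_key().public_numbers()
    return pub.n, pub.e


def _is_probable_prime(n, rng, rounds=32):
    """Miller-Rabin test; only used to build the constructed demo key pair."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def demo_keypair(bits=1024):
    """Constructed, deterministic RSA key pair for the demo only (never for real use)."""
    rng = random.Random(2024)
    def prime(b):
        while True:
            cand = rng.getrandbits(b) | (1 << (b - 1)) | 1
            if _is_probable_prime(cand, rng):
                return cand
    e = 65537
    while True:
        p, q = prime(bits // 2), prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:  # e is prime, so this guarantees gcd(e, phi) == 1
            return p * q, e, pow(e, -1, phi)


def rs256_sign(claims, n, e, d):
    """Sign claims with the demo private exponent; mimics what the issuer does."""
    header = b64url_encode(b'{"alg":"RS256","typ":"JWT"}')
    payload = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    k = (n.bit_length() + 7) // 8
    m = int.from_bytes(emsa_pkcs1_v1_5(("%s.%s" % (header, payload)).encode("ascii"), k), "big")
    return "%s.%s.%s" % (header, payload, b64url_encode(pow(m, d, n).to_bytes(k, "big")))


def demo():
    """Verify a constructed token, then show that a tampered payload is rejected."""
    n, e, d = demo_keypair()
    token = rs256_sign({"sub": "admin", "iss": "https://localhost:9443/oauth2/token",
                        "exp": int(time.time()) + 3600}, n, e, d)
    subject = verify_rs256(token, n, e)["sub"]
    h, _, s = token.split(".")
    try:
        verify_rs256("%s.%s.%s" % (h, b64url_encode(b'{"sub":"root"}'), s), n, e)
        tampered_rejected = False
    except ValueError:
        tampered_rejected = True
    return subject, tampered_rejected


if __name__ == "__main__":
    print(demo())
```

In practice you would replace demo_keypair with public_numbers_from_pem(open("pub_key.cert", "rb").read()) and pass the id_token string from the token response to verify_rs256. The alg check matters as much as the signature math: a verifier that honours an attacker-supplied alg of none or of an HMAC algorithm keyed with the public key accepts tokens the server never signed.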