JWT Plugin using RS256 & Okta. Invalid Signature

I’m trying to configure the JWT Plugin to work w/Okta. I’m having problems properly configuring the plugin for RS256. The main issue I’m running into is how to convert the data I get back when getting the JWKS from the well-known endpoint. Apparently Kong JWT wants this information in PEM format and I’m having little luck converting the limited data I get back from the JWKS endpoint into PEM format. I seem to be missing the “d” value which apparently is needed to complete the conversion. I believe others have had success with this approach. What am I missing? Thanks in advance.

PS: Others are also having the same issue. See: Verify token signature - Questions - Okta Developer Forums

I’m going to provide the solution I used to get this to work for future needs. The most difficult part of getting this to work was obtaining the Okta public-rsa-key (associated with the JWT signature) in PEM format. I eventually succeeded by forking a superseded GitHub project and doing some minor modifications to get it to work with an Okta default AuthZ server. Patched copy of modifications available at: /jridge/okta-jwks-to-pem. Even after that I needed to hand-modify the resulting PEM and replace all the “\n” with the Windows [Enter] key. Probably easier if I did this using Linux. After that I had a suitable PEM representation of the Okta Public JWT signing key. I entered this value into the Kong consumer certificate and now I have the Kong Open Source JWT plugin verifying the Okta Access Tokens. Enjoy!
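
Added example, not part of the original posts and not the code of the okta-jwks-to-pem project: a standard-library Python sketch of the JWKS-to-PEM conversion the thread is about. A public-key PEM is built from the JWK members `n` and `e` alone (`d` is the private exponent, which a JWKS endpoint does not publish), and the output uses real line breaks instead of literal `\n`. The function names, the `kid` and the modulus below are constructed for illustration.

```python
import base64

# DER AlgorithmIdentifier for rsaEncryption (OID 1.2.840.113549.1.1.1, NULL params)
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")

# Constructed sample JWKS: placeholder kid, modulus is 256 bytes of 0xFF (not a real key)
SAMPLE_JWKS = {"keys": [{"kty": "RSA", "alg": "RS256", "use": "sig",
                         "kid": "constructed-kid-1", "e": "AQAB", "n": "_" * 341 + "w"}]}

def b64url_decode(value):
    """JWK fields are unpadded base64url; restore padding before decoding."""
    return base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))

def der(tag, payload):
    """Encode one DER TLV with short- or long-form length."""
    size = len(payload)
    if size < 0x80:
        length = bytes([size])
    else:
        raw = size.to_bytes((size.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + payload

def der_uint(raw):
    """DER INTEGER for an unsigned big-endian value (0x00 pad if high bit set)."""
    raw = raw.lstrip(b"\x00") or b"\x00"
    if raw[0] & 0x80:
        raw = b"\x00" + raw
    return der(0x02, raw)

def jwk_to_pem(jwk):
    """Build a SubjectPublicKeyInfo PEM (real newlines) from n and e only."""
    if jwk.get("kty") != "RSA" or "n" not in jwk or "e" not in jwk:
        raise ValueError("expected an RSA public JWK with 'n' and 'e'")
    rsa_key = der(0x30, der_uint(b64url_decode(jwk["n"])) + der_uint(b64url_decode(jwk["e"])))
    spki = der(0x30, RSA_ALG_ID + der(0x03, b"\x00" + rsa_key))
    b64 = base64.b64encode(spki).decode("ascii")
    body = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join(["-----BEGIN PUBLIC KEY-----", *body, "-----END PUBLIC KEY-----"]) + "\n"

def pem_for_kid(jwks, kid):
    """Pick the JWKS entry whose kid matches the kid in the token header."""
    for jwk in jwks.get("keys", []):
        if jwk.get("kid") == kid:
            return jwk_to_pem(jwk)
    raise KeyError(f"no key with kid {kid!r} in JWKS")

if __name__ == "__main__":
    print(pem_for_kid(SAMPLE_JWKS, "constructed-kid-1"), end="")
```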