I´m trying to do a plugin to validate the integrity of an JWT Token emitted my IDP (IdentityServer 4).
- Retrieve the JWKS from the discovery endpoint, and filter for potential signing keys (e.g., any keys missing a public key or with a
- Extract the JWT from the request’s authorization header and decode it.
- Grab the
kidproperty from the header of the decoded JWT.
- Search your filtered JWKS for the key with the matching
- Build a certificate using the corresponding
x5cproperty in your JWKS.
- Use the certificate to verify the JWT’s signature.
Im using the method verify of https://github.com/Kong/kong/blob/master/kong/plugins/jwt/jwt_parser.lua but im getting this error "Consumer Public Key is Invalid "
Any idea or help?