My Spring Boot app is attempting to use Auth0
to validate a JWT it receives. My problem is the JWKS endpoint I have to connect to provides all of key information at the root of the URL, versus the well-known endpoint. My code snippet looks like so:
DecodedJWT jwt = JWT.decode(jwt);
JwkProvider provider = new UrlJwkProvider(new URL(configProperties.getKeyUrl()), 5000, 2000);
Jwk jwk = provider.get(jwt.getKeyId());
Is there a way to adapt JwkProvider
to look at a different URL? The javadoc seems to say /.well-known...
is going to be appended no matter what I do. Perhaps there's another library I can use?
So I finally decided the simplest thing to do was to edit the source from UrlJwkProvider
myself. I created a new class and removed the code that appends the well known URL. Easy-peasy.