Dear Craig,
As per my understanding, you just need the public key from the issuer, and then use the Decode Json Web Token assertion to validate the signature of the JWT with the public key.
After that, the JSON payload of the JWT will be extracted, and you might perform further validation on the claims such as 'iss', 'exp', 'aud', etc.
(Usually the issuer should share a public link to download the public key, or JSON Web Key, or JSON Web Key Set.)
Regards,
Mark
Original Message:
Sent: 03-09-2021 04:55 AM
From: Craig Ford
Subject: Validate JSON Web Token (JWT) issued from identity server other than Layer7 API Management
I have a JWT access token that I need to validate. The JWT was not issued by the Layer7 API Management gateway. The JWT was issued by IdentityServer4, but this might change to be a Gluu server in the future.
Can the gateway perform complete token validation, as per the OpenID Connect specification, of JWTs issued from other servers, and if so, how is this done (OTK?, example assertions, etc.)?
Many Thanks.
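
The steps in the reply above (verify the signature with the issuer's public key, then check 'iss', 'aud' and 'exp'), written out in Python as an added example; it is not part of the thread and is not Layer7 policy or the Decode Json Web Token assertion. The names `validate_jwt` and `demo_token`, the issuer and audience values, and the toy RSA key are constructed for illustration, and RS256 is assumed as the signing algorithm.

```python
import base64, hashlib, hmac, json, time

# DER DigestInfo prefix for SHA-256 (RFC 8017, EMSA-PKCS1-v1_5)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64u_dec(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64u_enc(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def emsa(msg, k):
    # Padded encoding a valid RS256 signature over msg must decrypt to (k-byte modulus)
    t = SHA256_PREFIX + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def validate_jwt(token, jwk, issuer, audience, now=None, leeway=60):
    """Return the claims only if signature, iss, aud and exp all check out."""
    head_b64, body_b64, sig_b64 = token.split(".")
    if json.loads(b64u_dec(head_b64)).get("alg") != "RS256":  # pin the algorithm
        raise ValueError("unexpected alg")
    n = int.from_bytes(b64u_dec(jwk["n"]), "big")
    e = int.from_bytes(b64u_dec(jwk["e"]), "big")
    k = (n.bit_length() + 7) // 8
    sig = b64u_dec(sig_b64)
    em = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
    expected = emsa(f"{head_b64}.{body_b64}".encode(), k)
    if len(sig) != k or not hmac.compare_digest(em, expected):
        raise ValueError("bad signature")
    claims = json.loads(b64u_dec(body_b64))  # read claims only after the signature check
    if claims.get("iss") != issuer:
        raise ValueError("wrong iss")
    aud = claims.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong aud")
    now = time.time() if now is None else now
    if now > claims.get("exp", 0) + leeway:  # a missing exp is treated as expired
        raise ValueError("expired")
    return claims

# Constructed demo issuer: toy key built from two Mersenne primes, for this example only
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
DEMO_JWK = {"kty": "RSA", "n": b64u_enc(N.to_bytes(141, "big")), "e": "AQAB"}

def demo_token(claims):
    head = {"alg": "RS256", "typ": "JWT"}
    signing_input = ".".join(b64u_enc(json.dumps(x).encode()) for x in (head, claims))
    sig = pow(int.from_bytes(emsa(signing_input.encode(), 141), "big"), D, N)
    return signing_input + "." + b64u_enc(sig.to_bytes(141, "big"))
```

In a real deployment the `n` and `e` values would come from the JWK that the issuer publishes, selected by the token's `kid`.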