Is there an easy way to go from the Google Certs to verify a JWT?
kevmoo opened this issue · comments
Kevin Moore commented
Google points to https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com for folks to verify JWT tokens.
I've been digging for ~1 hour and can't find an easy way to go from that JSON encoding to anything I can put in JsonWebKeyStore
.
Am I missing something?
thanks!
Kevin Moore commented
Maybe I need to be using https://www.googleapis.com/oauth2/v3/certs
That needs to be documented better!
Kevin Moore commented
That's it!
Kevin Moore commented
Er, actually it's https://www.googleapis.com/service_accounts/v1/jwk/securetoken@system.gserviceaccount.com
Google could make this easier