Jwt Token Validation

k.krylov · November 21, 2019, 3:16pm

Description/Error
refresh_token and acceess_token obtained from https://oauth.zoom.us upon successful OAuth flow contain signature that I am unable to validate. Please advise what secret I shall use to validate incoming tokens?

Thank you

tommy · November 21, 2019, 7:09pm

Hey @k.krylov,

I am not sure what you mean by “validate incoming tokens”?

Can you please clarify or give an example?

Thanks,
Tommy

k.krylov · November 21, 2019, 7:34pm

I am getting the token however I don’t know it’s coming from you or from someone else in the middle. Just like you want the Client to sign the JWT with the secret i want to make sure that the token coming back from you is also valid otherwise why bother sending it in JWT format. The response asserts identity and yields sensitive data, considering that I am not in the environment with clean internet I would like to validate the token. It must be signed with a symmetric key and I need to know what it is.

tommy · November 21, 2019, 11:11pm

Hey @k.krylov,

I am still confused.

Yes Zoom access_tokens are in a JWT format, but the access_tokens can only come from Zoom so no need to validate it.

Thanks,
Tommy

Topic		Replies	Views
OAuth access_token signature verification API and Webhooks	14	1459	August 21, 2020
Validating access JWT signature Authentication jwt	3	666	February 24, 2023
Verifying access token signature API and Webhooks	2	478	February 23, 2023
JWT Invalid Token API and Webhooks	3	775	August 21, 2020
Always getting Invalid access token API and Webhooks	6	4927	August 21, 2020

Jwt Token Validation

Related Topics