OAuth access_token signature verification

I set up an OAuth application for testing and now I’m able to receive an access_token.
I see that it is a signed JWT; where can I find the key to verify the signature?

What do you need to verify the access_token for?


Hey, I need to retrieve some claims and the jjwt library complains that I ignore the signature.
I can split the token, base64-decode the middle part and deserialize the JSON manually; however, it is kind of a good practice to verify the signature of signed tokens 🙂

Hey @vatuska,

Have you tried JWT Decoding the access_token to get the signature?

Yes, it decodes claims and the header, however, it expects me to know what the secret variable is to verify the signature, when I put my token there, it also complains that the signature is invalid, because there is “your-256-bit-secret” secret value used by default

I need to decode the token on the side of my endpoint (which I use as redirect_uri in OAuth application) to recognize whether this user logged in previously or not.
If I use the library in my code to decode JWT it expects that I know the key to validate the signature and I don’t actually.

I see @vatuska.

Let me get back to you on how to verify the signature. (ZOOM-136554)
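
The difference between decoding and verifying discussed in this thread, as an added example that is not from any poster or from Zoom: reading the middle segment accepts a token whose claims were changed after signing, while a signature check with a pinned algorithm rejects it. It assumes an HS256 token; the key, the `uid` claim and all function names are constructed for illustration.

```python
import base64, hashlib, hmac, json

def b64url_decode(part: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign_hs256(claims: dict, key: bytes) -> str:
    # Only used to build the constructed sample token below.
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    mac = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(mac)}"

def decode_unverified(token: str) -> dict:
    # The "split and base64-decode the middle part" approach: no trust at all.
    return json.loads(b64url_decode(token.split(".")[1]))

def verify_hs256(token: str, key: bytes) -> dict:
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    header = json.loads(b64url_decode(parts[0]))
    # Pin the algorithm; never let the token choose it (e.g. "none").
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{parts[0]}.{parts[1]}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(parts[2])):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(parts[1]))

def with_modified_claims(token: str, **changes) -> str:
    # Same header and signature, different payload: what verification must catch.
    h, p, s = token.split(".")
    claims = {**json.loads(b64url_decode(p)), **changes}
    return f"{h}.{b64url_encode(json.dumps(claims).encode())}.{s}"

KEY = b"constructed-demo-key"                # constructed, not a real secret
TOKEN = sign_hs256({"uid": "user-1"}, KEY)   # constructed sample token
MODIFIED = with_modified_claims(TOKEN, uid="user-2")

if __name__ == "__main__":
    print(decode_unverified(MODIFIED))  # decodes despite the stale signature
    print(verify_hs256(TOKEN, KEY))     # verified claims of the original token
```
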