How to verify your rs256 signed jwt token

When you’re working with JWT tokens, you need to verify their validity.

Below is a small snippet of code to verify your RS256-signed tokens (note that I purposefully stored the jwks.json file locally so as not to make the HTTP request every time a token needs to be verified (which is every time a request comes in).

For the purposes of this demo, I used the following 2 repos:

But there are many more out there that you can use to verify the tokens.

Here’s the code (I’m using Amazon Cognito as my auth provider, hence the Issuer value):

fun valid(token: String): Boolean {

    val resource = javaClass.classLoader.getResource("jwks.json")
    val provider = UrlJwkProvider(resource)
    val jwk = provider.get(Properties._JWT_ID_TOKEN_KID)

    val algorithm = Algorithm.RSA256(jwk.publicKey as RSAKey)
    val verifier = JWT.require(algorithm)
            .build() //Reusable verifier instance    val jwt = verifier.verify(token)
    return (jwt != null)


comments powered by Disqus