Validating authentication

If your application cannot retrieve keys dynamically, the administrator can disable the automatic key rotation in the administrator UI, generate a key credential and update the application to use it for signing.

Alternatively, you can also validate an access or refresh Token using the Token Introspection endpoint: Introspection Request.

You verify the access token’s signature by matching the key that was used to sign in with one of the key’s you retrieved from your Okta Authorization Server’s JWK endpoint.

Specifically, each public key is identified by a Keys used to sign tokens automatically rotate and should always be resolved dynamically against the published JWKS.

As mentioned above, it is important that the resource server (your server-side application) accept only the access token from a client.

If your network is Encrypted go on to step 6 otherwise Click ok and try to connect to your network again.

Are you receiving an endless "Validating Identity" connection status when trying to connect to a wireless network.

In a few simple steps you can bypass Windows Validation, and the resulting "Limited or No Connectivity" issue on an encrypted connection.

To validate the signature, Okta provides your application with a public key that can be used.

We will now cover the terms used in this document, and an explanation of why you should use access tokens instead of ID tokens for this use case.

Leave a Reply