jose4j

问题 How do I verify a JWT signature for an Azure B2C id token in Java? I have successfully verified signatures with google open-id connect, but I have not been successful verifying signatures for Microsoft Azure B2C jwt id tokens. I used the example B2C playground app here https://aadb2cplayground.azurewebsites.net/ . After signing up and editing my profile, and I captured this id token.

问题 How do I verify a JWT signature for an Azure B2C id token in Java? I have successfully verified signatures with google open-id connect, but I have not been successful verifying signatures for Microsoft Azure B2C jwt id tokens. I used the example B2C playground app here https://aadb2cplayground.azurewebsites.net/ . After signing up and editing my profile, and I captured this id token.

问题 I am using jose4j in a java application that I am working on. It is a json web token library, and I've found that putting the package name inside my log4j config file does nothing to quiet the (many) debug logging messages that I am seeing from this thing. Here's my relevant log4j config section <Root level="debug"> <AppenderRef ref="Console"></AppenderRef> </Root> <Logger name="org.jose4j" level="warn" additivity="false"> <AppenderRef ref="Console"></AppenderRef> </Logger> So, I essentially

问题 I am generating a public/private key pair which i will use for digital signature of a JWT with jose4j. Its working fine creating and validating the token as well. But once i restart the server, then the previously issued tokens become invalid. I feel that everytime i restart the server it creates the new key. This is how i generate key inside the constructor: rsaJsonWebKey = RsaJwkGenerator.generateJwk(2048); // Give the JWK a Key ID (kid), which is just the polite thing to do rsaJsonWebKey