Your APIs are configured as a relying party on an OpenID Connect platform. You need to inspect and verify the OpenID Connect identity. What two actions should you take?
Choose 2 answers
A.
Verify the signature of the JWT using a shared secret.
B.
Parse the JWT to extract the exp: nbf and iat properties to determine if the token is still valid
C.
Pass the JWT to a preconfigured 3rd party for verification of the signature, exp, nbf and iat properties
D.
Use the OpenID Connect URL to locate a trusted 3rd party for verification the signature, exp, nbf and iat properties
E.
Using the JKWS URL in the OpenID Connect configuration, fetch the signing key to verify the JWT signature and parameters
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit