When validating a JSON Web Token (JWT), it is essential to ensure that you are using the correct public key. The best way to do this is to check that the key ID (kid) of the public key matches the key ID (kid) specified in the JWT header.
Option A: Incorrect. The public key hash and the signature hash of the JWT are not directly compared. Instead, the public key is used to verify the JWT's signature.
Option B: Incorrect. The expiration time of the JWT is validated separately and does not determine which public key to use.
Option C: Incorrect. While the issuer (iss) claim in the JWT header identifies the entity that issued the token, it does not specify which public key to use for validation.
Option D: Correct. The key ID (kid) in the JWT header identifies the specific public key that should be used to validate the token. Matching the kid ensures the correct public key is used.
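As an added example (not from the original page or its references), the kid lookup described in Option D in Python: the JWKS and its key values are constructed placeholders, and the function refuses tokens that carry no kid, an unknown kid, or an algorithm other than the one the verifier pins.

```python
import base64
import json

# Constructed JWKS for this example; the "n" values are placeholders, not real moduli.
JWKS = {
    "keys": [
        {"kty": "RSA", "kid": "key-2023-11", "alg": "RS256", "use": "sig",
         "n": "PLACEHOLDER_MODULUS_A", "e": "AQAB"},
        {"kty": "RSA", "kid": "key-2024-05", "alg": "RS256", "use": "sig",
         "n": "PLACEHOLDER_MODULUS_B", "e": "AQAB"},
    ]
}

ALLOWED_ALGS = {"RS256"}  # the verifier pins the algorithm; the token never chooses it


def b64url_decode(segment: str) -> bytes:
    """JWT segments omit '=' padding; restore it before decoding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def build_token(header: dict) -> str:
    """Constructed helper: header + empty payload ('{}') + empty signature, for tests only."""
    return b64url_encode(json.dumps(header).encode()) + ".e30."


def select_key(token: str, jwks: dict) -> dict:
    """Return the single JWK whose kid matches the JWT header, or refuse the token."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("compact JWS must have exactly three segments")
    header = json.loads(b64url_decode(parts[0]))
    alg = header.get("alg")
    if alg not in ALLOWED_ALGS:
        raise ValueError(f"unacceptable alg {alg!r}")
    kid = header.get("kid")
    if not isinstance(kid, str) or not kid:
        raise ValueError("header has no usable kid; do not fall back to trying every key")
    # kid is untrusted input: use it only as an exact-match lookup key,
    # never as a file path, URL or query fragment.
    matches = [k for k in jwks["keys"]
               if k.get("kid") == kid and k.get("use", "sig") == "sig"]
    if len(matches) != 1:
        raise ValueError(f"expected one signing key for kid {kid!r}, found {len(matches)}")
    key = matches[0]
    if key.get("alg", alg) != alg:
        raise ValueError(f"key {kid!r} is for {key['alg']}, token header says {alg}")
    return key
```

The returned JWK is what the signature verification step consumes; exp and iss are checked afterwards and play no part in choosing the key.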