F5 Oauth server introspect JWT access token from external server

Question

dear all,I already have setup a F5 as oauth client, F5 as oauth server (AS) and F5 as API gateway where F5 performs the introspect internally in its oauth database. So that is all working fine.Now we would like to perform introspect from an external server / API gateway towards the F5 and we are using JWT access tokens generated by F5 oauth server. I would assume the endpoint is /f5-oauth2/v1/introspect and we should define resource-server-id, resource-server-secret and access-token. According to the F5 documentation it is used only for Opaque tokens but that is not recommended as best practice is to use JWT./f5-oauth2/v1/introspect as token introspection endpoint for
	    validating Opaque tokens
Now the question, how am I able to perform introspect from an external API server towards the F5 oauth server to validate that the provided JWT access token is still valid?

marvin · Answer

The answer is to use the JWKS endpoint and verify the JWT kid signature value and perform a modulus check. So there is no need to contact the introspect endpoint.

https://medium.com/trabe/validate-jwt-tokens-using-jwks-in-java-214f7014b5cf

https://software-factotum.medium.com/validating-rsa-signature-for-a-jws-10229fb46bbf

Forum Discussion

F5 Oauth server introspect JWT access token from external server

Recent Discussions

Background Tasks

Which process is consuming higher CPU

SSL bridging without SSL proxy forward

Big-IP VE edition for MacBook M4 Chip

Client SSL Profile set to Require Client Certificate breaks RDP in APM

Related Content

Virtual Server Cannot Access External Pool Members

one-arm scenario, external network?

external URL redirection

Export device backups from BIG-IQ to an external FTP

External Health monitor

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS