OpenID Connect ID Token Signature Validation Samples

When creating a library that has to validate ID tokens according to the OpenID specification, it is useful to include some tests that check if the signature validation is working properly. Here are some samples that may help you do this:

Response of `.well-known/openid-configuration` endpoint

{
  "issuer": "http://localhost:8080",
  "token_endpoint": "http://localhost:8080/token",
  "authorization_endpoint": "http://localhost:8080/authorize",
  "userinfo_endpoint": "http://localhost:8080/userinfo",
  "token_endpoint_auth_methods_supported": ["none"],
  "jwks_uri": "http://localhost:8080/jwks",
  "response_types_supported": ["code"],
  "grant_types_supported": [
    "client_credentials",
    "authorization_code",
    "password"
  ],
  "token_endpoint_auth_signing_alg_values_supported": ["RS256"],
  "response_modes_supported": ["query"],
  "id_token_signing_alg_values_supported": ["RS256"],
  "revocation_endpoint": "http://localhost:8080/revoke",
  "subject_types_supported": ["public"],
  "end_session_endpoint": "http://localhost:8080/endsession",
  "introspection_endpoint": "http://localhost:8080/introspect"
}

Response of JWK endpoint

{
  "keys": [
    {
      "kty": "RSA",
      "n": "wFTZ6hX5HBOg3McPxoKA175wcOP82iiq-JkehT5Wl1Zt8Ljak9BgUoxoMteMTlY5b-NUemaTZhZ-EO2H9jEzUT6bESnsn6AexuoTFiENxcc5gtYWsQEfhB4G1DuDhG5szuqcM2sDjAonduZ6M4Nen-41vbsC_jwhX9uuEJ3jBtmjJUohO1it-spx4Iz50kE2iarY4a-lDo3KJgH8kYLvK-IIZhNV2lNihxuiADLjsELgGJrxvg6hskYrTDcZJ-cOCo9POtq6GxSR7zRFAWN0DRpk9jT65GxFDv5b6uBqZ3m-31iRNsftT-JnL5KzDW4tHkAvedWdqfyjD8fGkloo8w",
      "e": "AQAB",
      "kid": "192363785517f3280776d2868fe4b42063b15fe2bcd578154f1a20277c04f08186840468eeb7d723",
      "alg": "RS256"
    }
  ]
}

Response of token endpoint

{
  "token_type": "Bearer",
  "expires_in": 3600,
  "access_token": "eyJraWQiOiIxOTIzNjM3ODU1MTdmMzI4MDc3NmQyODY4ZmU0YjQyMDYzYjE1ZmUyYmNkNTc4MTU0ZjFhMjAyNzdjMDRmMDgxODY4NDA0NjhlZWI3ZDcyMyIsInR5cCI6IkpXVCIsImFsZyI6IlJTMjU2In0.eyJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAiLCJpYXQiOjE2NjIzNjQzNDEsImV4cCI6MTY2MjM2Nzk0MSwibmJmIjoxNjYyMzY0MzMxLCJzdWIiOiJqb2huZG9lIiwiYW1yIjpbInB3ZCJdLCJzY29wZSI6ImR1bW15In0.ZDp8wT-JFoFjzdgRWsDV0hSCLkm7fSnDU4wLLu-srR5EuFX44BRlFVezgfXm9NMQUVJnJepUt4fjfOML1W8e5CreTcGyuNO0CFyKWaApQms-26IwxayLOV81cR81DZ1JzzZW3pFaFO3VMD_f5BlGLj8hryTjmK0G6WW-HY53gXobGc7ACYQBrYR0m7c0JdoQIoepdN2fvCgryjCpWFO5e6s_pV-tu4OVR6YupCxb9HU8XC8-wuGGFBjB21bo0U61lmsbyxl35f82Y8kyxYbDtyyvjld3nwUO_QrxyBvdyufakTZnoY8ShpGtWtwofLPSP4_vb6WILX6wCRQekh4hUA",
  "scope": "dummy",
  "id_token": "eyJraWQiOiIxOTIzNjM3ODU1MTdmMzI4MDc3NmQyODY4ZmU0YjQyMDYzYjE1ZmUyYmNkNTc4MTU0ZjFhMjAyNzdjMDRmMDgxODY4NDA0NjhlZWI3ZDcyMyIsInR5cCI6IkpXVCIsImFsZyI6IlJTMjU2In0.eyJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAiLCJpYXQiOjE2NjIzNjQzNDEsImV4cCI6MTY2MjM2Nzk0MSwibmJmIjoxNjYyMzY0MzMxLCJzdWIiOiJqb2huZG9lIiwiYXVkIjoiZm9vIn0.jjGKN2AK8-gSysblsXCw5nCvcdzZBtBN2kQRxe9w157Oo7oYcFx00sAlyUI4585htwxphnd1LwWQWV15103c6OSon2nD_CwcUUzqPJj4TVh2XnX_C4-BrwpJvsQJXcAL6g9yX-YAyxz6FaMc8SOdVUULLjldQUOSqSQ42YlNxaZN1xdYTyPElCtg8nPksRYTM6FZy_39tGAHZgz8_vuSk13WSGG5xYqSzlagQDoE-QwH9blXLcVHxpZlFBnXRG68samqno6yigFfNz8XtrGaPDP22oxXTCA_YlzZZivMNB3FwXdczZw_tO3CRYm6YgUrPstNBOb7_45Uud0WHwBcCA"
}

OpenID Connect ID Token Signature Validation Samples

Response of .well-known/openid-configuration endpoint

Response of JWK endpoint

Response of token endpoint

Response of `.well-known/openid-configuration` endpoint