Verify JWT auth token

I need to verify access token that I receive from Authentication Service and I have public keys from here https://api.prd.identity.corp.unity3d.com/.well-known/jwks.json, but still services like https://jwt.io/ or https://jwt.davetonge.co.uk/ couldn’t verify signature. I’m not 100% sure, but I think earlier I was able to verify tokens, so it means that there is some problem with signing access tokens (maybe you should update public keys).

Hi!

If you look at the Verify Signature part of the jwt.io screen, you will see that there is an input box for the public key and and an input box for the private key. We are not going to share the private key (for obvious reasons), but it looks like you would need to insert both into the UI for jwt.io to verify it.

The main thing for developers is that you have to verify the signed JWT against the public keys (using some jwt library of your choice). If that succeeds, then you know that the JWT was signed by Unity Authentication.

We’ve done some testing, and there haven’t been any issues with signing the tokens on the server side and us verifying the tokens.

To the last point: at some point, we probably will rotate the public keys at some point, but it will be for security reasons.

Please let us know if that resolves your concerns or if you have other questions.

Yes, now I’ve been able to verify it, but actually I used the same methods and https://jwt.davetonge.co.uk/ do it by it’s own. Anyway thank you, it’s working now.

Hi,
I’ve got problem verify Unity JWT.


I’ve tried some JWT Libraries, like pyjwt and firebase/php-jwt. it’s shown same result, that signature not verified. please let me know what’s I’ve missed.
Thank you a lot

2 Likes

Hi. I have the same task. Have you managed to figure out your situation?