From c5412939b49a30aa6335b1d9e6d2605693e0b9d9 Mon Sep 17 00:00:00 2001 From: Brett Ritter Date: Fri, 31 Jul 2020 15:41:52 -0700 Subject: [PATCH] Adds mention of idToken to jwt-verifier (#854) --- packages/jwt-verifier/README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/packages/jwt-verifier/README.md b/packages/jwt-verifier/README.md index caa9914f2..465f74dad 100644 --- a/packages/jwt-verifier/README.md +++ b/packages/jwt-verifier/README.md @@ -5,6 +5,8 @@ This library verifies Okta access tokens (issued by [Okta Custom Authorization servers](https://developer.okta.com/docs/concepts/auth-servers/) by fetching the public keys from the JWKS endpoint of the authorization server. If the access token is valid it will be converted to a JSON object and returned to your code. +This library does not yet verify id tokens. You can learn about [access tokens](https://developer.okta.com/docs/reference/api/oidc/#access-token) and [id tokens](https://developer.okta.com/docs/reference/api/oidc/#id-token) in our [OIDC and OAuth 2.0 API Referece](https://developer.okta.com/docs/reference/api/oidc/). + > Okta Custom Authorization Servers require the API Access Management license. If you are using Okta Org Authorization Servers (which don’t require API Access Management) you can manually validate against the /introspect endpoint ( https://developer.okta.com/docs/reference/api/oidc/#introspect ). For any access token to be valid, the following are asserted: