I'm trying to verify the signature on a JWT from AzureAD in my API. The endpoint where I retrieve the public key is here: https://login.microsoftonline.com/common/discovery/keys
So far I've tried using the Auth0 library (https://github.com/auth0/java-jwt) and the Nimbusds library (https://connect2id.com/products/nimbus-jose-jwt/download) but I don't see how to actually convert the JWK in the form it's in (a string) to an object that can be operated on.
Nimbus seems to be the more promising option as it has a method which I can use to extract the public key from a JWK...
    List<JWK> matches = new JWKSelector(
        new JWKMatcher.Builder()
            .keyType(KeyType.RSA)
            .keyID("123456")
            .build()
    ).select(jwkSet);
This looks more or less like what I need but I'm not sure how to set my list of JWK objects from the string provided.
Thanks.
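
One way to get from the JWKS string to a verified token with Nimbus JOSE+JWT, as an added example that is not the poster's code: `JWKSet.parse` turns the JSON text into the `jwkSet` that the selector above expects. The class name, the `verify` helper, the locally generated key and the `kid` values are constructed for illustration so the example runs offline.

```java
import com.nimbusds.jose.*;
import com.nimbusds.jose.crypto.*;
import com.nimbusds.jose.jwk.*;
import com.nimbusds.jose.jwk.gen.RSAKeyGenerator;
import com.nimbusds.jwt.*;
import java.security.interfaces.RSAPublicKey;
import java.util.Date;
import java.util.List;

public class JwkStringVerifyExample {
    // Parse the JWKS JSON text, select the RSA key named by the token's kid, verify.
    static boolean verify(String jwksJson, String token) throws Exception {
        SignedJWT jwt = SignedJWT.parse(token);
        // Pin the expected algorithm instead of accepting whatever the header claims.
        if (!JWSAlgorithm.RS256.equals(jwt.getHeader().getAlgorithm())) return false;

        JWKSet jwkSet = JWKSet.parse(jwksJson);          // string -> JWKSet
        List<JWK> matches = new JWKSelector(
                new JWKMatcher.Builder()
                        .keyType(KeyType.RSA)
                        .keyID(jwt.getHeader().getKeyID())
                        .build()
        ).select(jwkSet);
        if (matches.isEmpty()) return false;             // unknown kid: reject

        RSAPublicKey publicKey = ((RSAKey) matches.get(0)).toRSAPublicKey();
        if (!jwt.verify(new RSASSAVerifier(publicKey))) return false;

        // A valid signature is not enough: check expiry (and iss/aud in a real API).
        Date exp = jwt.getJWTClaimsSet().getExpirationTime();
        return exp != null && exp.after(new Date());
    }

    public static void main(String[] args) throws Exception {
        // Constructed data: a locally generated key stands in for the published key set.
        RSAKey signingKey = new RSAKeyGenerator(2048).keyID("constructed-kid-1").generate();
        String jwksJson = new JWKSet(signingKey.toPublicJWK()).toString();
        SignedJWT jwt = new SignedJWT(
                new JWSHeader.Builder(JWSAlgorithm.RS256).keyID(signingKey.getKeyID()).build(),
                new JWTClaimsSet.Builder().subject("constructed-user")
                        .expirationTime(new Date(System.currentTimeMillis() + 60_000)).build());
        jwt.sign(new RSASSASigner(signingKey));

        RSAKey other = new RSAKeyGenerator(2048).keyID("constructed-kid-2").generate();
        String otherSet = new JWKSet(other.toPublicJWK()).toString();
        System.out.println("matching key set: " + verify(jwksJson, jwt.serialize()));
        System.out.println("unknown kid:      " + verify(otherSet, jwt.serialize()));
    }
}
```

When the key set should be fetched rather than passed in as a string, `JWKSet.load(URL)` returns the same `JWKSet` type directly from the discovery endpoint.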