rs256 token is not verifiable

[kotyara85]

Hello,
I followed the official examples to verify a token and it's always false
Is there any way to output the error which opa hits during io.jwt.verify_rs256?
I did verify jwks are pulled and they're valid for the token
Thanks

package oidc

issuers = {"https://auth.example.com"}

metadata_discovery(issuer) = http.send({
	"url": concat("", [issuers[issuer], "/.well-known/openid-configuration"]),
	"method": "GET",
	"force_cache": true,
	"force_cache_duration_seconds": 86400,
}).body

token := {"claims": claims} {
	io.jwt.decode(input.user, [_, claims, _])
}

metadata = metadata_discovery(token.claims.iss)

jwks_request(url) = http.send({
	"url": url,
	"method": "GET",
	"force_cache": true,
	"force_cache_duration_seconds": 3600, # Cache response for an hour
})

jwks = jwks_request(metadata.jwks_uri).body

default vefified := false

verified = io.jwt.verify_rs256(input.token, json.marshal(jwks))

[kotyara85]

It's actually a type in my code - input.token is empty

[anderseknert]

You'll need to provide the token as part of your input when querying OPA, e.g.

curl --data '{"input": {"token": "mytoken"}}' http://localhost:8181/v1/data/my/policy