JWT validation failing in Deno edge function for GC implicit grant

Having some issues getting my configuration to work… trying to verify the access_token from Genesys Cloud implicit grant flow inside a Deno Deploy edge function. fetching the JWKS from https://api.mypurecloud.com/api/v2/oauth/jwks works fine, but my manual validation logic keeps throwing a signature mismatch error. the token decodes fine, just fails verification. maybe i’m grabbing the wrong kid from the keyset?

const jwks = await fetch('https://api.mypurecloud.com/api/v2/oauth/jwks');

how do i properly match the kid and verify the signature in Deno without using an SDK?

The problem here is key selection. implicit grant tokens often use different signing keys than client credentials. ensure the kid in the token header exactly matches a key in the JWKS response. mismatched keys cause signature failures immediately. check the alg too. usually RS256.

const key = jwks.keys.find(k => k.kid === tokenHeader.kid);

verify the kid match before signing.