Tutorial for JWT verification
'jsrsasign' 4.8.0 or later supports validation of JSON Web Tokens (JWT) with the KJUR.jws.JWS.verifyJWT method. To verify a JWT, you need the key for its signature and some parameters.
If HMAC is used for JWT signing, you can specify the shared key as a hexadecimal string. Otherwise, you may need to specify a public key. The easiest way is to provide the JWT signer's X.509 public key certificate as PEM-formatted text.
For example, a certificate looks like the following text:
-----BEGIN CERTIFICATE-----
MIIDET....
... snip ... (Base64 encoded certificate)
-----END CERTIFICATE-----
When you have the PEM certificate as a string, you can load a public key object with the following method:
var pubkey = KEYUTIL.getKey(certStr)
You can use the same method to load a public key PEM file.
The following code is the simplest HS256 JWT validation. It verifies the signature, the time (i.e. comparing the current time with the 'exp', 'nbf' and 'iat' claims) and the acceptable algorithm:
var isValid = KJUR.jws.JWS.verifyJWT("eyT...", "616161", {alg: ['HS256']});
If you want to verify a JWT at a specified time, you can use the 'verifyAt' property:
// verify JWT at 1 Jun 2015.
var IntDate = KJUR.jws.IntDate;
var isValid = KJUR.jws.JWS.verifyJWT("eyT...", "616161",
                                     {alg: ['HS256'],
                                      verifyAt: IntDate.get('20150601000000Z')});
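The three checks named above (acceptable algorithm, signature, and 'exp'/'nbf'/'iat' against 'verifyAt'), written out as an added example with Node's built-in crypto module. This is not jsrsasign's code and not from the original page; signHS256, verifyHS256JWT and the sample token are hypothetical names and constructed data, and the inclusive time comparisons are an assumption.

```javascript
// Added illustration with Node's built-in crypto; not jsrsasign's implementation.
const { createHmac, timingSafeEqual } = require('node:crypto');

const b64u = (data) => Buffer.from(data).toString('base64url');
const hmac = (hexKey, input) =>
  createHmac('sha256', Buffer.from(hexKey, 'hex')).update(input).digest();

// Hypothetical helper: builds a constructed HS256 token for the demo.
function signHS256(header, payload, hexKey) {
  const input = b64u(JSON.stringify(header)) + '.' + b64u(JSON.stringify(payload));
  return input + '.' + b64u(hmac(hexKey, input));
}

// Hypothetical verifier: same inputs as the tutorial's call (token, hex key, options).
function verifyHS256JWT(jwt, hexKey, { alg, verifyAt }) {
  const parts = jwt.split('.');
  if (parts.length !== 3) return false;
  let header, payload;
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64url').toString('utf8'));
    payload = JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
  } catch (e) {
    return false;
  }
  if (!header || !payload) return false;
  // 1. Acceptable algorithm: the header's alg must be in the caller's allow-list.
  //    The token never chooses the algorithm; this demo implements HS256 only.
  if (!Array.isArray(alg) || !alg.includes(header.alg) || header.alg !== 'HS256') return false;
  // 2. Signature: recompute the HMAC over "header.payload", compare in constant time.
  const expected = hmac(hexKey, parts[0] + '.' + parts[1]);
  const given = Buffer.from(parts[2], 'base64url');
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return false;
  // 3. Time: claims are seconds since the epoch; verifyAt defaults to the current time.
  const at = verifyAt !== undefined ? verifyAt : Math.floor(Date.now() / 1000);
  if (payload.exp !== undefined && payload.exp < at) return false; // expired
  if (payload.nbf !== undefined && at < payload.nbf) return false; // not yet valid
  if (payload.iat !== undefined && at < payload.iat) return false; // issued in the future
  return true;
}

// Constructed sample: key "aaa" (hex 616161), valid around 1 Jun 2015 00:00:00Z.
const T0 = Date.UTC(2015, 5, 1) / 1000;
const token = signHS256({ alg: 'HS256', typ: 'JWT' },
  { sub: 'demo', iat: T0 - 60, nbf: T0 - 60, exp: T0 + 3600 }, '616161');
```

A token whose header says "none" or any algorithm outside the alg list is rejected before the signature is looked at, which is why the allow-list is passed on every call.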