[JWT] Read and Validate token

Forge Component
Published on 20 Jul (14 days ago) by João Almeida

Dear,

How do I read and validate a JWT token? It seems it is still not implemented yet.

Kindly suggest us.


Thanks and regards

Rajashekar Reddy Ette

Hi Rajashekar,

Sorry, but the version in Forge still doesn't have the logic to read and validate tokens; we have that implemented but haven't published it because it's not stable.

Hello João,

When I use your component to create a token, ReadAndValidateToken works correctly.

However when I create a token using https://auth0.com/ as issuer, I can read the token, but not validate it. When I validate the token on https://jwt.io it says it has a valid signature.

I noticed on your last post that the read and validate token functionality is not yet stable. Do you have plans to work on it?

Regards,

Daniel

I got it working, my own mistake.

Hi Daniël, glad you got it working.

Hi Again,

I got HS256 working. 

However, the customer unfortunately didn't tell me beforehand that he wanted me to use RS256 instead of HS256.

I need to use the OAuth issuer that they have defined on https://auth0.com/.

So I only use your functionality to validate a token that I receive when the system from my customer calls my OutSystems Rest API. The problem I face is I get the exception as highlighted in your code below.

If I validate the token on jwt.io it says that the signature is valid.

I can read the token successfully without validation.

What I do not understand from the error message is why it says 'Validate if key private key is in PEM format'; as far as I understood, I have to provide the public key (PEM signature).

Do you have experience with using your ReadToken function to validate a token issued by a www.auth0.com API?

The public key I use in my test scenario is accessible via https://danielkuhlmann.eu.auth0.com/.well-known/jwks.json

(the x5c part of the returned json structure)

Regards,

Daniel

Hi Daniel, I've never tested with Auth0 tokens, let me test your scenario and I'll get back to you.

The current implementation doesn't correctly support keys in x509 format, the one used in JWKS structures. I'm working to fix that, and also to add better support for pulling keys from JWKS.

Hi Daniel, I already have a working version that allows validating tokens with x509 certificates, and even has support for JWKS. Let me do another round of testing and I'll publish a new version in the Forge.

Hi João,

Thanks for the quick support, truly appreciated.

Regards,

Daniel



Hi Daniel, I have a new version of the component in the Forge, version 2.2.0. You can use it as it is right now with the x5c field, but you'll need to wrap it with "-----BEGIN CERTIFICATE----- -----END CERTIFICATE-----" delimiters. You can use new actions that make it easier to sign with Json Web Key and Json Web Key Sets.


Take a look, there's also a new page to test the features for JWKS:

https://joaoalmeida.outsystemscloud.com/JWTDemo/ReadTokenFromJWKS.aspx?(Not.Licensed.For.Production)= 



Hi João,

I will give it a try first thing tomorrow morning.

Regards, 

Daniel

Hi João,

I've downloaded your latest version, and can confirm that now I can correctly validate a JWT token that is encrypted with RS256.

Thanks again for the quick and professional support.

Regards,

Daniel
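
The RS256 validation discussed in the replies above, as an added Node.js example that is not part of the thread and not the Forge component's code: it wraps an `x5c` value in PEM delimiters, takes the public key from a JWKS entry, and pins the algorithm to RS256. The key pair, `kid` and claims are constructed for the demo.

```javascript
const nodeCrypto = require('node:crypto');

const b64url = (v) => Buffer.from(v).toString('base64url');

// Wrap a bare x5c value (base64 DER) in PEM certificate delimiters, 64 chars per line.
function x5cToPem(x5c) {
  const body = x5c.match(/.{1,64}/g).join('\n');
  return `-----BEGIN CERTIFICATE-----\n${body}\n-----END CERTIFICATE-----\n`;
}

// Build the verification key from a JWK: certificate (x5c) if present, else n/e.
function publicKeyFromJwk(jwk) {
  if (Array.isArray(jwk.x5c) && jwk.x5c.length > 0) {
    return new nodeCrypto.X509Certificate(x5cToPem(jwk.x5c[0])).publicKey;
  }
  return nodeCrypto.createPublicKey({ key: jwk, format: 'jwk' });
}

// Returns the payload if the RS256 signature verifies, otherwise throws.
function verifyRs256(token, jwks) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString('utf8'));
  // Pin the algorithm: never let the token's header choose HS256 or "none".
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const jwk = jwks.keys.find((k) => k.kid === header.kid && k.kty === 'RSA');
  if (!jwk) throw new Error('unknown kid');
  const ok = nodeCrypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`),
    publicKeyFromJwk(jwk), Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  return JSON.parse(Buffer.from(p, 'base64url').toString('utf8'));
}

// Constructed test material: a throwaway key pair, a one-key JWKS and a signed token.
function makeSample() {
  const { publicKey, privateKey } =
    nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const jwks = { keys: [{ ...publicKey.export({ format: 'jwk' }), kid: 'demo-key', use: 'sig' }] };
  const signingInput =
    `${b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT', kid: 'demo-key' }))}.` +
    `${b64url(JSON.stringify({ sub: 'demo-user' }))}`;
  const sig = nodeCrypto.sign('RSA-SHA256', Buffer.from(signingInput), privateKey);
  return { jwks, token: `${signingInput}.${sig.toString('base64url')}` };
}
```

A valid signature only authenticates the token; claims such as `exp`, `iss` and `aud` still have to be checked against what the API expects.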

Hi João,

I have used your component, but I am only able to add the JWT_Core dependency.

Also, when I am using the ReadToken action, how do I retrieve all the payload parameters? I am getting only the topmost parameter from the payload.

Also, I want to create a token in which I want to add 3 parameters in the payload and add a secret in the verify signature part of the token.
How do I achieve this?

Hi Vikas, can you check with the version that was just released in the Forge?

Hi João,

Thanks for replying. Actually, I ended up creating an extension using Integration Studio to solve my issue.