Extension::JsonJWTVerify Method
Syntax
Arguments
- token
JWT Token
- secret
Secret that token was hashed against.
- optionsCharacter JSON String
A comma-delimited list of hashes to use or a JSON string defining one or more of the following options:
- algorithmsCharacter Array
A comma-delimited list of hashes.
- audienceCharacter
Identifies the recipients that the JWT is intended for.
- issuerCharacter
Identifies principal that issued the JWT.
- ignoreexpirationLogical
Decode the token even if it is expired.
- ignorenotbeforeLogical
Decode the token even if it is not ready.
- subjectCharacter
Identifies the subject of the JWT.
- clocktoleranceNumeric
Number of seconds of error to tolerate on notbefore and expiration.
Returns
- ResultCharacter
Returns JSON if valid, otherwise return the string "null".
Description
Verifies a javascript web token.
' First create a token
dim token as c = extension::JSON::JWTSign(json_sanitize("{ fname : 'john' , lname : 'public'}"),"shhhh!")
? token
= "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJmbmFtZSI6ImpvaG4iLCJsbmFtZSI6InB1YmxpYyIsImlhdCI6MTY2MzE1OTI1OX0.sL1T91egdCSZPVoRF3Eye_2xi1Q85LzX8seLy4zTdpY"
' Verify will return JSON packet if the supplied secret is valid
? extension::JSON::JWTVerify(token,"shhhh!")
= {"fname":"john","lname":"public","iat":1663159259}
' Pass it an incorrect secret - and verify will return a blank string
? extension::JSON::JWTVerify(token,"boo!")
= "null"Using the optional parameter to specify alternate algorithms.
By default, Extension::JSON::JWTVerify() will try various hash schemas. You can explicitly define the hash schemes to use as a comma-delimited list.
dim token as c = extension::JSON::JWTSign(json_sanitize("{ fname : 'john' , lname : 'public'}"),"shhhh!","HS512")
? token
= "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJmbmFtZSI6ImpvaG4iLCJsbmFtZSI6InB1YmxpYyIsImlhdCI6MTY2MzE1OTMxMn0.kK1WKMO-qKkZ4ez0bGB4bspB6HpZLk96DK_blVfy3yDEwvV6r0W1twXrifVM3cUR9J-IeuQt4E8mmYwI1M3OlQ"
' We are using a different hash
? extension::JSON::JWTVerify(token,"shhhh!","HS256")
= "null"
' So include the hash we are using
? extension::JSON::JWTVerify(token,"shhhh!","HS512")
= {"fname":"john","lname":"public","iat":1663159312}
' Comma separated list of accepted hash encodings works as well.
? extension::JSON::JWTVerify(token,"shhhh!","HS256,HS512")
= {"fname":"john","lname":"public","iat":1663159312}More Complex Options
Just like the JWTSign method, JWTVerify can take complex options.
The following example signs a token that expires in 30 seconds. After the token has expired, the JWTVerify() will report the token is invalid (returns "null"). You can use the 'ignoreexpiration' option to decode the expired tokens. The 'ignoreexpiration' option is useful for debugging cases where verified failed unexpectedly.
dim optionsSign as P
dim optionsSign.algorithm as c = "HS512"
dim optionsSign.expiresin as n = 30
dim optionsjson as c = json_generate(optionsSign)
? optionsjson
= {
"algorithm": "HS512",
"expiresin": 30
}
dim token as c = extension::JSON::JWTSign(json_sanitize("{ fname : 'john' , lname : 'public'}"),"shhhh!",optionsjson)
? token
= "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJmbmFtZSI6ImpvaG4iLCJsbmFtZSI6InB1YmxpYyIsImlhdCI6MTY2MzE1OTQwNCwiZXhwIjoxNjYzMTU5NDM0fQ.TzyiihEB2JRhAalC6g6pKx2dtITADHqgyEU22Dt5Q3u7mXRQGyZC8euA9o9uq0WtsieYso6kqx5lABc-axLhTw"
? extension::JSON::JWTVerify(token,"shhhh!","HS512")
= {"fname":"john","lname":"public","iat":1663159404,"exp":1663159434}
' Wait for 30 seconds
? extension::JSON::JWTVerify(token,"shhhh!","HS512")
= "null"
dim optionsVer.algorithms[1] as c = "HS512"
dim optionsVer.ignoreexpiration as l = .t.
dim optionsjson as c = json_generate(optionsVer)
? optionsjson
= {
"algorithms": [
"HS512"],
"ignoreexpiration": true
}
' Explicity ignore the expiration (can be used to determine if token is expired rather than using the wrong secret)
? extension::JSON::JWTVerify(token,"shhhh!",optionsjson)
= {"fname":"john","lname":"public","iat":1663159404,"exp":1663159434}