Versions Compared

Old Version 11

changes.mady.by.user Yeok Hong Ng

Saved on

compared with

New Version 12

changes.mady.by.user Chem Zing Chee

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Info

Example

Example of the validateJwt function with optional values for claims and algorithm populated.

Code Block
string token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Im5PbzNaRHJPRFhFSzFqS1doWHNsSFJfS1hFZyIsImtpZCI6Im5Pbz";
map<string, any> claimsToValidate = mapCreate(string, any);
mapSet(claimsToValidate, "appidacr", "2");
mapSet(claimsToValidate, "aud", "ae47e8fd-b2be-4626-a7b5-19d28961ba1e");
string error_message = JwtValidation.validateJwt("https://10.60.10.30/endpoint", token, claimsToValidate, "RSA512");


validateAndDecodeJwt

Validates an incoming OAuth JWTwith the error message and decoded payloads as return.

Code Block
JwtValidationResult validateAndDecodeJwt( 
string openIdServer, 
string token, 
map <string, any> claimsToValidate, //Optional
string algorithm //Optional)

Parameters

Parameter

Description

openIdServer

This is the URL for the JWKS server. It stores the JWKS in the cache.

Info

JWKS Cache

The cache is accessible only from the backend and cannot be updated by users. It is used to reduce the number of connections to the openIdServer and will be reset if the workflow is aborted.

Code Block
{
  "[kid #1]": {
    "use": "sig",
    "kty": "RSA",
    "kid": "e1583dde-e337-4bda-abf5-85a8fed1bafb",
    "alg": "RS256",
    "n": "** public key in here **",
    "e": "AQAB"
  },
  "[kid #2]": {
    "use": "sig",
    "kty": "RSA",
    "kid": "e1583dde-e337-4bda-abf5-85a8fed1bafa",
    "alg": "RS256",
    "n": "** public key in here **",
    "e": "AQAB"
  }
}

token

This refers to the JWT (Json Web Token) that needs to be validated.

claimsToValidate

An optional map field to declare the claims as well as the corresponding value to validate against the token.

algorithm

An optional field to verify the signing algorithm used by the token. The possible values could be RSA256, RSA384, RSA512, ECDSA256, ECDSA384, ECDSA512. By default, the APL function uses RSA256.

Returns

An JwtValidationResult UDR which consists of error message on validation failure and decoded payloads. The error message will be Null on validation success.

Info

Example

Example of the validateAndDecodeJwt function with optional values for claims and algorithm populated.

Code Block
string token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Im5PbzNaRHJPRFhFSzFqS1doWHNsSFJfS1hFZyIsImtpZCI6Im5Pbz";
map<string, any> claimsToValidate = mapCreate(string, any);
mapSet(claimsToValidate, "appidacr", "2");
mapSet(claimsToValidate, "aud", "ae47e8fd-b2be-4626-a7b5-19d28961ba1e");

JwtValidationResult result = (JwtValidationResult) JwtValidation.validateAndDecodeJwt("https://10.60.10.30/endpoint", token, claimsToValidate, "RSA512");

// To get the decoded payloads
map<string, any> claimsMap = result.claims;
debug(mapGet(claimsMap, "client_id"));

// To get the error message
debug(result.errorMessage);