This section describes functions that relates to OAuth operations.
The following functions for OAuth described here are:
validateJwt
Validates an incoming OAuth JWT.
string validateJwt( string openIdServer, string token, map <string, any> claimsToValidate, //Optional string algorithm //Optional)
Parameters
Parameter | Description |
|---|---|
| This is the URL for the JWKS server. It stores the JWKS in the cache. JWKS CacheThe cache is accessible only from the backend and cannot be updated by users. It is used to reduce the number of connections to the {
"[kid #1]": {
"use": "sig",
"kty": "RSA",
"kid": "e1583dde-e337-4bda-abf5-85a8fed1bafb",
"alg": "RS256",
"n": "** public key in here **",
"e": "AQAB"
},
"[kid #2]": {
"use": "sig",
"kty": "RSA",
"kid": "e1583dde-e337-4bda-abf5-85a8fed1bafa",
"alg": "RS256",
"n": "** public key in here **",
"e": "AQAB"
}
}
|
| This refers to the JWT (Json Web Token) that needs to be validated. |
| An optional map field to declare the claims as well as the corresponding value to validate against the token. |
| An optional field to verify the signing algorithm used by the token. The possible values could be RSA256, RSA384, RSA512, ECDSA256, ECDSA384, ECDSA512. By default, the APL function uses RSA256. |
Returns | An error message on validation failure. Null on validation success. |
Example
Example of the validateJwt function with claims and algorithm optional values populated.
string token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Im5PbzNaRHJPRFhFSzFqS1doWHNsSFJfS1hFZyIsImtpZCI6Im5Pbz";
map<string, any> claimsToValidate = mapCreate(string, any);
mapSet(claimsToValidate, "appidacr", "2");
mapSet(claimsToValidate, "aud", "ae47e8fd-b2be-4626-a7b5-19d28961ba1e");
string error_message = JwtValidation.validateJwt("https://10.60.10.30/endpoint", token, claimsToValidate, "RSA512");