Verify Method

Verifies the signature of the encoded JWT.

Syntax

ANSI (Cross Platform)
int Verify();

Unicode (Windows)
INT Verify();

- (void)verify;

#define MID_JWT_VERIFY 10

IPWORKSAUTH_EXTERNAL int IPWORKSAUTH_CALL IPWorksAuth_JWT_Do(void *lpObj, int methid, int cparam, void *param[], int cbparam[], int64 *lpllVal);

Remarks

This method verifies the signature of the encoded JWT.

Before calling the Verify method set EncodedJWT to a valid compact serialized JWT. For instance:

eyJhbGciOiJIUzI1NiJ9.eyJhdWQiOlsiYXVkaWVuY2UiXSwiaXNzIjoiaXNzdWVyIn0.mlFETSma4WUcUSjNSUWA1n9QBcQHCkHN-y4zeBsCVqI

Key or SignerCert should be set to the HMAC key or public certificate respectively. If the correct Key or SignerCert is not known ahead of time the KeyId parameter of the SignerInfo event may be used to identify the correct key.

If this method returns without error verification was successful. If verification fails then this method fails with an error. After calling this method the claims will be parsed and the Claim* properties will be populated. The the Header* properties will contain the headers. Headers of the parsed message are also available through the HeaderParam event.

The following properties are applicable when calling this method:

EncodedJWT (required)
Key (conditional - required for HMAC)
SignerCert (conditional - required for ECDSA and RSA)
SigningAlgorithm (only if StrictValidation is True)
StrictValidation

After calling this method the following properties are populated:

Notes for HMAC Algorithms (HS256, HS384, HS512)

When verifying a message originally signed with a HMAC algorithm Key must be set to the same key used during signing. The key must be known by both parties in order for signing and verification to take place.

byte[] key = new byte[] { 170, 171, 221, 209, 7, 181, 48, 178, 48, 118, 242, 132, 36, 218, 74, 140, 216, 165, 161, 70, 11, 42, 246, 205, 235, 231, 19, 48, 87, 141, 122, 10 };

Jwt jwt = new Jwt();
jwt.KeyB = key;
jwt.EncodedJWT = signedData;
jwt.Verify();

string issuer = jwt.ClaimIssuer;

Notes for RSA Algorithms (RS256, RS384, RS512, PS256, PS384, PS512)

The RSA based algorithms use asymmetric encryption. Signing is done with a private key and verification is done with a public key. The public key is typically in PEM format.

Jwt jwt = new Jwt();
jwt.SignerCert = new Certificate("..\\jwt.cer"); 
jwt.EncodedJWT = signedData;
jwt.Verify();

string issuer = jwt.ClaimIssuer;

Notes for ECDSA Algorithms (ES256, ES384, ES512)

ECDSA algorithms require a valid ECC public key to verify the message. If the key was originally created with the ECC class the PEM encoded PublicKey may be used directly with the Certificate property. An example PEM encoded public certificate created by the ECC class:

-----BEGIN PUBLIC KEY----- MIIBMjCB7AYHKoZIzj0CATCB4AIBATAsBgcqhkjOPQEBAiEA/////wAAAAEAAAAAAAAAAAAA AAD///////////////8wRAQg/////wAAAAEAAAAAAAAAAAAAAAD///////////////wEIFrG NdiqOpPns+u9VXaYhrxlHQawzFOw9jvOPD4n0mBLBEEEaxfR8uEsQkf4vOblY6RA8ncDfYEt 6zOg9KE5RdiYwpZP40Li/hp/m47n60p8D54WK84zV2sxXs7LtkBoN79R9QIhAP////8AAAAA //////////+85vqtpxeehPO5ysL8YyVRAgEBA0EEIC5rbLp11Mnz6cBXLLriaDIov3rm8RAY x/OR0bOKiff0cQy+sLVaxjseqFk/+Xvl4ORSv5Z6HdHv5GyEpA0UoA== -----END PUBLIC KEY-----

Jwt jwt = new Jwt();
jwt.SignerCert = new Certificate(CertStoreTypes.cstPublicKeyFile, pubKey, "", "*");
jwt.EncodedJWT = signedData;
jwt.Verify();

string issuer = jwt.ClaimIssuer;

To use an ECC public key created by other means the ECC class may be used to import the key parameters. Populate the Rx and Ry of the ECC class first to obtain the PEM formatted public key. For instance:

//Import an existing ECC public key
nsoftware.IPWorksEncrypt.Ecc ecc = new nsoftware.IPWorksEncrypt.Ecc();

byte[] x_bytes = new byte[] { 171, 170, 196, 151, 94, 196, 231, 12, 128, 232, 17, 61, 45, 105, 41, 209, 192, 187, 112, 242, 110, 178, 95, 240, 36, 55, 83, 171, 190, 176, 78, 13 };
byte[] y_bytes = new byte[] { 197, 75, 134, 245, 245, 28, 199, 9, 7, 117, 1, 54, 49, 178, 135, 252, 62, 89, 35, 180, 117, 80, 231, 23, 110, 250, 28, 124, 219, 253, 224, 156 };

ecc.Key.RxB = x_bytes;
ecc.Key.RyB = y_bytes;

string pubKey = ecc.Key.PublicKey;

Jwt jwt = new Jwt();
jwt.SignerCert = new Certificate(CertStoreTypes.cstPublicKeyFile, pubKey, "", "*");
jwt.EncodedJWT = signedData;
jwt.Verify();

string issuer = jwt.ClaimIssuer;

Notes for Unsecured (none)

To parse a JWS token without any security call the Sign method without setting Key or Certificate.

Jwt jwt = new Jwt();
jwt.EncodedJWT = signedData;
jwt.Verify();

string issuer = jwt.ClaimIssuer;

Error Handling (C++)

This method returns a result code; 0 indicates success, while a non-zero error code indicates that this method encountered an error during its execution. If an error occurs, the GetLastError() method can be called to retrieve the associated error message. (Note: This method's result code can also be obtained by calling the GetLastErrorCode() method after it returns.)

IPWorks Auth 2020 C++ Edition Website Download Support Questions / Feedback?
	Verify Method Verifies the signature of the encoded JWT. Syntax C++ Objective-C C ANSI (Cross Platform) int Verify(); Unicode (Windows) INT Verify(); - (void)verify; #define MID_JWT_VERIFY 10 IPWORKSAUTH_EXTERNAL int IPWORKSAUTH_CALL IPWorksAuth_JWT_Do(void lpObj, int methid, int cparam, void param[], int cbparam[], int64 lpllVal); Remarks This method verifies the signature of the encoded JWT. Before calling the Verify method set EncodedJWT to a valid compact serialized JWT. For instance: `eyJhbGciOiJIUzI1NiJ9.eyJhdWQiOlsiYXVkaWVuY2UiXSwiaXNzIjoiaXNzdWVyIn0.mlFETSma4WUcUSjNSUWA1n9QBcQHCkHN-y4zeBsCVqI` Key or SignerCert should be set to the HMAC key or public certificate respectively. If the correct Key or SignerCert is not known ahead of time the `KeyId` parameter of the SignerInfo event may be used to identify the correct key. If this method returns without error verification was successful. If verification fails then this method fails with an error. After calling this method the claims will be parsed and the Claim properties will be populated. The the Header* properties will contain the headers. Headers of the parsed message are also available through the HeaderParam event. The following properties are applicable when calling this method: EncodedJWT (required) Key (conditional - required for HMAC) SignerCert (conditional - required for ECDSA and RSA) SigningAlgorithm (only if StrictValidation is True) StrictValidation After calling this method the following properties are populated: ClaimAudience ClaimExp ClaimIssuedAt ClaimIssuer ClaimJWTId ClaimNotBefore ClaimSubject Header* Notes for HMAC Algorithms (HS256, HS384, HS512) When verifying a message originally signed with a HMAC algorithm Key must be set to the same key used during signing. The key must be known by both parties in order for signing and verification to take place. byte[] key = new byte[] { 170, 171, 221, 209, 7, 181, 48, 178, 48, 118, 242, 132, 36, 218, 74, 140, 216, 165, 161, 70, 11, 42, 246, 205, 235, 231, 19, 48, 87, 141, 122, 10 }; Jwt jwt = new Jwt(); jwt.KeyB = key; jwt.EncodedJWT = signedData; jwt.Verify(); string issuer = jwt.ClaimIssuer; Notes for RSA Algorithms (RS256, RS384, RS512, PS256, PS384, PS512) The RSA based algorithms use asymmetric encryption. Signing is done with a private key and verification is done with a public key. The public key is typically in PEM format. Jwt jwt = new Jwt(); jwt.SignerCert = new Certificate("..\\jwt.cer"); jwt.EncodedJWT = signedData; jwt.Verify(); string issuer = jwt.ClaimIssuer; Notes for ECDSA Algorithms (ES256, ES384, ES512) ECDSA algorithms require a valid ECC public key to verify the message. If the key was originally created with the ECC class the PEM encoded `PublicKey` may be used directly with the Certificate property. An example PEM encoded public certificate created by the ECC class: `-----BEGIN PUBLIC KEY----- MIIBMjCB7AYHKoZIzj0CATCB4AIBATAsBgcqhkjOPQEBAiEA/////wAAAAEAAAAAAAAAAAAA AAD///////////////8wRAQg/////wAAAAEAAAAAAAAAAAAAAAD///////////////wEIFrG NdiqOpPns+u9VXaYhrxlHQawzFOw9jvOPD4n0mBLBEEEaxfR8uEsQkf4vOblY6RA8ncDfYEt 6zOg9KE5RdiYwpZP40Li/hp/m47n60p8D54WK84zV2sxXs7LtkBoN79R9QIhAP////8AAAAA //////////+85vqtpxeehPO5ysL8YyVRAgEBA0EEIC5rbLp11Mnz6cBXLLriaDIov3rm8RAY x/OR0bOKiff0cQy+sLVaxjseqFk/+Xvl4ORSv5Z6HdHv5GyEpA0UoA== -----END PUBLIC KEY-----` Jwt jwt = new Jwt(); jwt.SignerCert = new Certificate(CertStoreTypes.cstPublicKeyFile, pubKey, "", ""); jwt.EncodedJWT = signedData; jwt.Verify(); string issuer = jwt.ClaimIssuer; To use an ECC public key created by other means the ECC class may be used to import the key parameters. Populate the `Rx` and `Ry` of the ECC class first to obtain the PEM formatted public key. For instance: //Import an existing ECC public key nsoftware.IPWorksEncrypt.Ecc ecc = new nsoftware.IPWorksEncrypt.Ecc(); byte[] x_bytes = new byte[] { 171, 170, 196, 151, 94, 196, 231, 12, 128, 232, 17, 61, 45, 105, 41, 209, 192, 187, 112, 242, 110, 178, 95, 240, 36, 55, 83, 171, 190, 176, 78, 13 }; byte[] y_bytes = new byte[] { 197, 75, 134, 245, 245, 28, 199, 9, 7, 117, 1, 54, 49, 178, 135, 252, 62, 89, 35, 180, 117, 80, 231, 23, 110, 250, 28, 124, 219, 253, 224, 156 }; ecc.Key.RxB = x_bytes; ecc.Key.RyB = y_bytes; string pubKey = ecc.Key.PublicKey; Jwt jwt = new Jwt(); jwt.SignerCert = new Certificate(CertStoreTypes.cstPublicKeyFile, pubKey, "", ""); jwt.EncodedJWT = signedData; jwt.Verify(); string issuer = jwt.ClaimIssuer; Notes for Unsecured (none) To parse a JWS token without any security call the Sign method without setting Key or Certificate. Jwt jwt = new Jwt(); jwt.EncodedJWT = signedData; jwt.Verify(); string issuer = jwt.ClaimIssuer; Error Handling (C++) This method returns a result code; `0` indicates success, while a non-zero error code indicates that this method encountered an error during its execution. If an error occurs, the `GetLastError()` method can be called to retrieve the associated error message. (Note: This method's result code can also be obtained by calling the `GetLastErrorCode()` method after it returns.)
Copyright (c) 2022 /n software inc. - All rights reserved. IPWorks Auth 2020 C++ Edition - Version 20.0 [Build 8155]

IPWorks Auth 2020 C++ Edition

Verify Method

Syntax

Remarks

Error Handling (C++)