IPWorks Auth 2020 JavaScript Edition

Questions / Feedback?

Verify Method

Verifies the signature of the encoded JWT.

Syntax

async jwt.verify(): Promise<void>

Remarks

This method verifies the signature of the encoded JWT.

Before calling the Verify method set EncodedJWT to a valid compact serialized JWT. For instance:

eyJhbGciOiJIUzI1NiJ9.eyJhdWQiOlsiYXVkaWVuY2UiXSwiaXNzIjoiaXNzdWVyIn0.mlFETSma4WUcUSjNSUWA1n9QBcQHCkHN-y4zeBsCVqI

Key or SignerCert should be set to the HMAC key or public certificate respectively. If the correct Key or SignerCert is not known ahead of time the KeyId parameter of the SignerInfo event may be used to identify the correct key.

If this method returns without error verification was successful. If verification fails then this method fails with an error. After calling this method the claims will be parsed and the Claim* properties will be populated. The the Header* properties will contain the headers. Headers of the parsed message are also available through the HeaderParam event.

The following properties are applicable when calling this method:

After calling this method the following properties are populated:

Notes for HMAC Algorithms (HS256, HS384, HS512)

When verifying a message originally signed with a HMAC algorithm Key must be set to the same key used during signing. The key must be known by both parties in order for signing and verification to take place.


byte[] key = new byte[] { 170, 171, 221, 209, 7, 181, 48, 178, 48, 118, 242, 132, 36, 218, 74, 140, 216, 165, 161, 70, 11, 42, 246, 205, 235, 231, 19, 48, 87, 141, 122, 10 };

Jwt jwt = new Jwt();
jwt.KeyB = key;
jwt.EncodedJWT = signedData;
jwt.Verify();

string issuer = jwt.ClaimIssuer;

Notes for RSA Algorithms (RS256, RS384, RS512, PS256, PS384, PS512)

The RSA based algorithms use asymmetric encryption. Signing is done with a private key and verification is done with a public key. The public key is typically in PEM format.


Jwt jwt = new Jwt();
jwt.SignerCert = new Certificate("..\\jwt.cer"); 
jwt.EncodedJWT = signedData;
jwt.Verify();

string issuer = jwt.ClaimIssuer;

Notes for ECDSA Algorithms (ES256, ES384, ES512)

ECDSA algorithms require a valid ECC public key to verify the message. If the key was originally created with the ECC class the PEM encoded PublicKey may be used directly with the Certificate property. An example PEM encoded public certificate created by the ECC class:

-----BEGIN PUBLIC KEY-----
MIIBMjCB7AYHKoZIzj0CATCB4AIBATAsBgcqhkjOPQEBAiEA/////wAAAAEAAAAAAAAAAAAA
AAD///////////////8wRAQg/////wAAAAEAAAAAAAAAAAAAAAD///////////////wEIFrG
NdiqOpPns+u9VXaYhrxlHQawzFOw9jvOPD4n0mBLBEEEaxfR8uEsQkf4vOblY6RA8ncDfYEt
6zOg9KE5RdiYwpZP40Li/hp/m47n60p8D54WK84zV2sxXs7LtkBoN79R9QIhAP////8AAAAA
//////////+85vqtpxeehPO5ysL8YyVRAgEBA0EEIC5rbLp11Mnz6cBXLLriaDIov3rm8RAY
x/OR0bOKiff0cQy+sLVaxjseqFk/+Xvl4ORSv5Z6HdHv5GyEpA0UoA==
-----END PUBLIC KEY-----


Jwt jwt = new Jwt();
jwt.SignerCert = new Certificate(CertStoreTypes.cstPublicKeyFile, pubKey, "", "*");
jwt.EncodedJWT = signedData;
jwt.Verify();

string issuer = jwt.ClaimIssuer;

To use an ECC public key created by other means the ECC class may be used to import the key parameters. Populate the Rx and Ry of the ECC class first to obtain the PEM formatted public key. For instance:


//Import an existing ECC public key
nsoftware.IPWorksEncrypt.Ecc ecc = new nsoftware.IPWorksEncrypt.Ecc();

byte[] x_bytes = new byte[] { 171, 170, 196, 151, 94, 196, 231, 12, 128, 232, 17, 61, 45, 105, 41, 209, 192, 187, 112, 242, 110, 178, 95, 240, 36, 55, 83, 171, 190, 176, 78, 13 };
byte[] y_bytes = new byte[] { 197, 75, 134, 245, 245, 28, 199, 9, 7, 117, 1, 54, 49, 178, 135, 252, 62, 89, 35, 180, 117, 80, 231, 23, 110, 250, 28, 124, 219, 253, 224, 156 };

ecc.Key.RxB = x_bytes;
ecc.Key.RyB = y_bytes;

string pubKey = ecc.Key.PublicKey;

Jwt jwt = new Jwt();
jwt.SignerCert = new Certificate(CertStoreTypes.cstPublicKeyFile, pubKey, "", "*");
jwt.EncodedJWT = signedData;
jwt.Verify();

string issuer = jwt.ClaimIssuer;

Notes for Unsecured (none)

To parse a JWS token without any security call the Sign method without setting Key or Certificate.


Jwt jwt = new Jwt();
jwt.EncodedJWT = signedData;
jwt.Verify();

string issuer = jwt.ClaimIssuer;

 
 
Copyright (c) 2021 /n software inc. - All rights reserved.
IPWorks Auth 2020 JavaScript Edition - Version 20.0 [Build 7721]