JWT Validate
Use the JWT Validate node to validate token claims and return the raw contents of the token.
Revision History
1.0.0.0 Initial Release
1.0.0.1 Run from Cloud for supported sites.
1.0.0.3 Strengthened validation of Base64 payloads.
Properties
Connection
Type: Connection Input
The Connection Property
SigningKeys
Type: Multiline Text
Mandatory
Signing keys are to be provided one per line, and should represent the contents of the public key e.g.
signingkeybas641==
sigingkeybas642==
You do not need to wrap the keys with ----BEGIN CERTIFICATE---- & ----END CERTIFICATE----
The keys should be provided by the issuer, e.g., some of Microsoft's signing keys can be found here. The link will provide a JSON document where the x5c elements are the public keys that should be used in the SigningKeys property.
ClockSkewInMinutes
Type: Int32
Optional, Default = 5 minutes
ClockSkew will allow you to account for a time difference drift when validating the token's Lifetime.
ValidateIfTokenIsSigned
Type: Boolean
Default = True
Checks whether the signing keys provided can be considered valid if not signed.
ValidateExpiration
Type: Boolean
Default = True
Validates whether the token has expired.
ValidateLifetime
Type: Boolean
Default = True
Validates whether the token has exceeded it's lifetime.
ValidateAudience
Type: Boolean
Default = True
Validates whether the audience in the token matches against the value provided for the Audience property.
Audience
Type: String
Optional
The intended audience for the token.
e.g. 95dc2824-ccb4-4859-836b-7857a705bf31
ValidateIssuer
Type: Boolean
Default = True
Validates whether the issuer in the token matches against the value provided for the Issuer property.
Issuer
Type: String
Optional
The expected issuer of the token.
e.g. https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/v2.0
JwtToken
Type: Multiline Text Input
The JwtToken Property
The segmented JWT Token, at least 3 segments must be provided.
EnableValidation
Type: Boolean
Default = True
When set to False, ignores ALL JWT token validation, USE AT OWN RISK. Only for viewing the JWT payloads without having to provide any validation parameters.
TokenHeader
Type: Multiline Text Output
The TokenHeader Property
The raw token header information.
TokenBody
Type: Multiline Text Output
The TokenBody Property
The raw token body including the claims.
TokenSignature
Type: Multiline Text Output
The TokenSignature Property
The token signature.
Remarks
In order to use this node on your site, specificsite-level permissionsmust be granted or it needs to be run through a DropPoint.****Submit a ticket to Flowgear Support requesting access to Validate JWT.