Validating JWTs Offline
Descope uses JSON Web Tokens (JWTs) to secure authentication and authorization.
In web applications, it's essential to parse and validate these tokens to guarantee their integrity and authenticity.
Here's how to use Descope's backend SDKs to validate JWTs:
Backend SDK
Install SDK
Import and initialize SDK
Call the Validate JWT Function
After passing in the JWT from the frontend to your backend, you can simply call the validate JWT function.
You can optionally validate the aud claim by passing an audience parameter to prevent token reuse across applications. The parameter accepts either a string or an array of strings.
Note: Not all SDKs support audience validation - see code examples below for supported SDKs.
Offline
Validating JSON Web Tokens (JWTs) offline is crucial in situations where the server running the SDK does not have access to the internet. Descope SDKs allow you to handle this scenario with ease. This article explains how to validate JWTs offline by providing a custom public key.
Providing a Custom Public Key
Finding Your Public Key
Your public key can be located at https://api.descope.com/v2/keys/<your_project_id> for US-based projects. Use the localized baseURL for projects located outside of the US.
Refer to the Descope Documentation and API reference page for additional details on locating and handling public keys.
Initializing the SDK with a Custom Public Key
To provide your own public key, include the publicKey option when initializing the SDK. The public key must be a JSON object containing the appropriate algorithm and other details. Below are examples of initializing the SDK with a public key.
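As an added example (not Descope SDK code and not part of the original page), the following Node.js code shows what offline validation against a locally held public key and an audience check involve, using only the built-in crypto module. The function names, the RS256 algorithm, the demo-key key ID and the any-match audience rule are assumptions, and the key pair is constructed sample material generated on the spot.

```javascript
const { createPublicKey, verify, sign, generateKeyPairSync } = require('node:crypto');

const decode = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));
const encode = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');

// Hypothetical helper (not the Descope SDK): verify a JWT against a locally held JWK.
function validateJwtOffline(token, jwk, { audience, now = Math.floor(Date.now() / 1000) } = {}) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = decode(h);
  // Pin the algorithm to the trusted key; never let the token choose it (rejects alg=none).
  if (header.alg !== 'RS256' || (jwk.alg && jwk.alg !== 'RS256')) throw new Error('unexpected alg');
  if (jwk.kid && header.kid !== jwk.kid) throw new Error('unknown key id');
  const key = createPublicKey({ key: jwk, format: 'jwk' });
  if (!verify('sha256', Buffer.from(`${h}.${p}`), key, Buffer.from(s, 'base64url'))) {
    throw new Error('bad signature');
  }
  const claims = decode(p); // claims are read only after the signature checks out
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('token expired');
  if (audience !== undefined) {
    // Assumed semantics: accept when any expected audience appears in the token's aud claim.
    const expected = [].concat(audience);
    const actual = [].concat(claims.aud ?? []);
    if (!actual.some((a) => expected.includes(a))) throw new Error('audience mismatch');
  }
  return claims;
}

// Constructed demo material: a throwaway RSA key pair stands in for the project's key.
function makeDemoIssuer() {
  const { publicKey, privateKey } = generateKeyPairSync('rsa', { modulusLength: 2048 });
  const jwk = { ...publicKey.export({ format: 'jwk' }), alg: 'RS256', kid: 'demo-key' };
  const mint = (claims, header = { alg: 'RS256', typ: 'JWT', kid: 'demo-key' }) => {
    const input = `${encode(header)}.${encode(claims)}`;
    return `${input}.${sign('sha256', Buffer.from(input), privateKey).toString('base64url')}`;
  };
  return { jwk, mint };
}

const issuer = makeDemoIssuer();
const token = issuer.mint({ sub: 'user-1', aud: 'app-a', exp: Math.floor(Date.now() / 1000) + 300 });
console.log(validateJwtOffline(token, issuer.jwk, { audience: ['app-a', 'app-b'] }).sub);
```

A key supplied this way is static: if the project's signing key changes, the stored copy has to be updated before tokens signed with the new key will validate.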
Conclusion
Validating JWTs offline via SDK by providing a custom public key enhances security and functionality, especially when working in environments without internet access.
If you have any other questions about Descope, feel free to reach out to us!