How to verify your RS256-signed JWT token

When you’re working with JWT tokens, you need to verify their validity.

Below is a small snippet of code to verify your RS256-signed tokens (note that I purposefully stored the jwks.json file locally so as not to make the HTTP request every time a token needs to be verified, which is every time a request comes in).

For the purposes of this demo, I used the following 2 repos: https://github.com/auth0/jwks-rsa-java and https://github.com/jwtk/jjwt

But there are many more out there that you can use to verify the tokens.

Here’s the code (I’m using Amazon Cognito as my auth provider, hence the Issuer value):

import com.auth0.jwk.UrlJwkProvider
import com.auth0.jwt.JWT
import com.auth0.jwt.algorithms.Algorithm
import com.auth0.jwt.exceptions.JWTVerificationException
import java.security.interfaces.RSAPublicKey

@Throws(JWTVerificationException::class)
fun valid(token: String): Boolean {
    // jwks.json is bundled on the classpath, so no HTTP request is made per verification
    val resource = javaClass.classLoader.getResource("jwks.json")
    val provider = UrlJwkProvider(resource)
    // The key is selected by a configured kid; if the pool rotates keys, jwks.json must be refreshed
    val jwk = provider.get(Properties._JWT_ID_TOKEN_KID)

    // Verification only: no private key is needed, so the second argument is null
    val algorithm = Algorithm.RSA256(jwk.publicKey as RSAPublicKey, null)
    val verifier = JWT.require(algorithm)
            .withIssuer("https://cognito-idp.${Properties._REGION_NAME}.amazonaws.com/${Properties._USER_POOL_ID}")
            .build() // Reusable verifier instance

    // verify() checks the signature, the issuer and the exp/nbf claims; it throws on any failure
    val jwt = verifier.verify(token)
    return (jwt != null)
}
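The snippet above pins one hard-coded `kid`, so a key rotation in the user pool breaks verification until jwks.json is replaced, and it checks only the issuer. As an added example (not the post's code), here is the same check written against the same two libraries but with the key chosen by the `kid` in the token header, the JWKS fetched from Cognito's well-known URL and cached, and the audience and `token_use` claims verified as well. The region, user pool id and app client id are placeholders; `verifyIdToken` is a name chosen here.

```kotlin
import com.auth0.jwk.JwkProviderBuilder
import com.auth0.jwt.JWT
import com.auth0.jwt.algorithms.Algorithm
import com.auth0.jwt.exceptions.JWTVerificationException
import com.auth0.jwt.interfaces.DecodedJWT
import com.auth0.jwt.interfaces.RSAKeyProvider
import java.net.URL
import java.security.interfaces.RSAPrivateKey
import java.security.interfaces.RSAPublicKey
import java.util.concurrent.TimeUnit

// Placeholder values; replace with your own pool and app client settings.
private const val REGION = "us-east-1"
private const val USER_POOL_ID = "us-east-1_EXAMPLE"
private const val APP_CLIENT_ID = "example-app-client-id"
private val ISSUER = "https://cognito-idp.$REGION.amazonaws.com/$USER_POOL_ID"

// Cognito publishes the pool's signing keys at <issuer>/.well-known/jwks.json.
// The provider caches keys and rate-limits refetches, so an unknown `kid`
// (key rotation or a forged header) costs at most a bounded number of requests.
private val jwkProvider = JwkProviderBuilder(URL("$ISSUER/.well-known/jwks.json"))
    .cached(10, 24, TimeUnit.HOURS)
    .rateLimited(10, 1, TimeUnit.MINUTES)
    .build()

// Look the public key up by the `kid` in the token header rather than a fixed id.
// A kid that is not in the JWKS makes jwkProvider.get() throw, which fails verification.
private val keyProvider = object : RSAKeyProvider {
    override fun getPublicKeyById(keyId: String?): RSAPublicKey =
        jwkProvider.get(keyId).publicKey as RSAPublicKey
    override fun getPrivateKey(): RSAPrivateKey? = null   // verification only
    override fun getPrivateKeyId(): String? = null
}

// Reusable verifier: signature, issuer, audience, token_use and exp/nbf are all checked.
private val verifier = JWT.require(Algorithm.RSA256(keyProvider))
    .withIssuer(ISSUER)
    .withAudience(APP_CLIENT_ID)      // `aud` of a Cognito ID token is the app client id
    .withClaim("token_use", "id")     // reject access or refresh tokens where an ID token is expected
    .acceptLeeway(30)                 // seconds of clock skew tolerated on exp/iat/nbf
    .build()

/** Returns the verified token, or throws JWTVerificationException on any failure. */
@Throws(JWTVerificationException::class)
fun verifyIdToken(token: String): DecodedJWT = verifier.verify(token)
```

For a Cognito access token the `aud` claim is absent and the client id is in `client_id` instead, so a verifier for access tokens would use `.withClaim("client_id", APP_CLIENT_ID)` and `.withClaim("token_use", "access")`.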

Enjoy!
