Validate JWT in your application server
Authenticate the incoming HTTP requests by validating JWT in your application server
In this section, we will go through how to decode the JWT token to obtain the currently logged-in user.
Before we start, make sure the option Issue JWT as access token is enabled in your Application settings in the Portal.
Find the JSON Web Key Sets (JWKS) endpoint
This Discovery endpoint serves a JSON document containing the OpenID Connect configuration of your app. It includes the authorization endpoint, the token endpoint and the JWKS endpoint.
https://<YOUR_AUTHGEAR_ENDPOINT>/.well-known/openid-configuration
Here is an example of how it looks.
The JSON Web Key Sets (JWKS) endpoint can be found in jwk_url
in the configuration.
OpenID Connect Configuration JSON
Decode user from an access token
Follow this step-by-step example to verify and decode the JWT token.
Step 1: Install packages
Step 2: Find the JSON Web Key Sets (JWKS) endpoint
Define a function to find the JWKS endpoint from the OpenID Connect configuration. Use your Authgear endpoint as base_address
Step 3: Get JWT token from the Authorization header
Define a function to extract the access token from the Authorization header in the incoming request. It should look like Authorization: Bearer <access_token>
.
Step 4: Verify and decode the JWT token
Here show an example of using Flask web framework to guard a path. You may need to adjust some of the codes to suit your technologies.
Decode user from cookies
Validating JWT in your application server is currently only available for Token-based authentication.
For Cookie-based authentication, JWT in cookies is not supported yet. You can track the issue here.
Last updated