Methods
decode(token) → {DecodedToken}
Decodes a well formed JWT without any verification
Parameters:
Name | Type | Description |
---|---|---|
token | string | the token to decode |
validateAccessToken(access_token, alg, atHash, cb)
Validates an access_token based on http://openid.net/specs/openid-connect-core-1_0.html#ImplicitTokenValidation. The id_token from which the alg and atHash parameters are taken should be decoded and verified before using this function.
Parameters:
Name | Type | Description |
---|---|---|
access_token | string | the access_token |
alg | string | The algorithm defined in the header of the previously verified id_token under the "alg" claim. |
atHash | string | The "at_hash" value included in the payload of the previously verified id_token. |
cb | validateAccessTokenCallback | callback used to notify the results of the validation. |
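
The at_hash check defined in the OpenID Connect Core section linked above, as an added example that is not this library's own code: the access_token is hashed with the SHA-2 variant named by the id_token's alg, and the base64url encoding of the left-most half of the digest must equal at_hash. The helper names `computeAtHash` and `accessTokenMatches`, the alg table and the sample token are assumptions made for this illustration, and the table covers more algorithms than the description above mentions.

```javascript
const crypto = require('crypto');

// JWS "alg" values mapped to the hash each one uses (the digits give the SHA-2 size).
const HASH_FOR_ALG = {
  RS256: 'sha256', ES256: 'sha256', PS256: 'sha256', HS256: 'sha256',
  RS384: 'sha384', ES384: 'sha384', PS384: 'sha384', HS384: 'sha384',
  RS512: 'sha512', ES512: 'sha512', PS512: 'sha512', HS512: 'sha512',
};

function base64url(buf) {
  return buf.toString('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// Hypothetical helper: at_hash = base64url(left-most half of hash(ASCII(access_token))).
function computeAtHash(accessToken, alg) {
  const known = Object.prototype.hasOwnProperty.call(HASH_FOR_ALG, alg);
  if (!known) throw new Error('Unsupported alg: ' + alg); // also rejects "none"
  const digest = crypto.createHash(HASH_FOR_ALG[alg]).update(accessToken, 'ascii').digest();
  return base64url(digest.subarray(0, digest.length / 2));
}

// Hypothetical helper: true only if the access_token is bound to the id_token's at_hash.
function accessTokenMatches(accessToken, alg, atHash) {
  if (typeof accessToken !== 'string' || typeof atHash !== 'string') return false;
  let expected;
  try {
    expected = Buffer.from(computeAtHash(accessToken, alg));
  } catch (e) {
    return false; // unknown or missing alg is treated as a validation failure
  }
  const given = Buffer.from(atHash);
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}

// Constructed sample values, not real tokens.
const sampleToken = 'constructed-access-token-0001';
const sampleAtHash = computeAtHash(sampleToken, 'RS256');
console.log(accessTokenMatches(sampleToken, 'RS256', sampleAtHash));       // token bound to the id_token
console.log(accessTokenMatches(sampleToken + 'x', 'RS256', sampleAtHash)); // substituted token
```

The comparison is only meaningful when alg and atHash come from an id_token whose signature and claims have already been verified.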
verify(token, [requestedNonce], cb)
Verifies an id_token
It will validate:
- signature according to the algorithm configured in the verifier.
- if nonce is present and matches the one provided
- if `iss` and `aud` claims match the configured issuer and audience
- if token is not expired and valid (if the `nbf` claim is in the past)
Parameters:
Name | Type | Attributes | Description |
---|---|---|---|
token | string | | id_token to verify |
requestedNonce | string | <optional> | nonce value that should match the one in the id_token claims |
cb | verifyCallback | | callback used to notify the results of the validation |
Type Definitions
DecodedToken
Properties:
Name | Type | Description |
---|---|---|
header | Object | content of the JWT header. |
payload | Object | token claims. |
encoded | Object | encoded parts of the token. |
Type:
- Object
validateAccessTokenCallback([err])
Parameters:
Name | Type | Attributes | Description |
---|---|---|---|
err | Error | <optional> | error returned if the validation cannot be performed or the token is invalid. If there is no error, then the access_token is valid. |