I have generated JWT token. I added it as String argument in one method I have to call. Is there a way to validate that String token if it is expired, valid, etc?
Asked
Active
Viewed 777 times
0
-
Out of the box - no. This sounds like an XY problem - what are you trying to achieve? – identigral May 16 '22 at 15:11
-
When I send some request, sometimes I got invalid or expired token error. I want to prevent sending request if token is expired or invalid. @identigral – crazyDev May 16 '22 at 15:15
-
Are you sending from Salesforce to an external service or inbound to Salesforce? – identigral May 16 '22 at 15:17
-
Yes, from Salesforce to an external API. @identigral – crazyDev May 17 '22 at 10:51
-
If you're generating a token in Apex, take a look at https://salesforce.stackexchange.com/questions/324426/generate-jwt-token-for-external-app-sso . – identigral May 17 '22 at 16:04
1 Answers
1
Salesforce does provide Apex support for JWS/JWT:
https://developer.salesforce.com/docs/atlas.en-us.apexref.meta/apexref/apex_class_Auth_JWS.htm
-and-
https://developer.salesforce.com/docs/atlas.en-us.apexref.meta/apexref/apex_class_Auth_JWT.htm
Although unfortunately the JWS class only supports generating signatures and not verifying them. However you can verify the signature yourself:
Using the Crypto.verify() method to verify a JWT signature
Once you've verified that the payload is valid, then you can examine any of the Claims to make sure that they are acceptable.
Matt Comer
- 36
- 4
-
Thanks, but Crypto.verify asks for publicKey which I do not have. How to resolve this? – crazyDev May 17 '22 at 13:11