Skip to main content

Validating a token

An access token is intended for use with a specific API and should only be validated by that API. In general, you do not need to validate an access token received from an identity provider (IdP). You can hand it over to the issuing IdP such as Authdog IdP, who will do the rest. If any of these checks fail, the token is considered invalid, and the request must be rejected with 401 Unauthorized result.
Here is below an example to verify a JSON Web Token for the selected algorithm:

import { checkTokenValidness } from "@authdog/easyjwt"
const myToken = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.POstGetfAytaZS82wHcjoTyoqhMyxXiWdR7Nn7A29DNSl0EiXLdwJ6xC6AfgZWF1bOsS_TuYI3OG85AmiExREkrS6tDfTQ2B3WXlrr-wp5AokiRbz3_oB4OxG-W9KcEEbDRcZc0nH3L7LzYptiy1PtAylQGxHTWZXtGz4ht0bAecBgmpdgXMguEIcoqPJ1n3pIWk_dUZegpqx0Lka21H6XxUTxiy8OcaarA8zdnPUnV6AmNP3ecFawIFYdvJB_cm-GvpCSbr8G8y_Mllj8f4x9nBH8pQux89_6gUY618iYv7tuPWBFfEbLxtF2pZS6YC1aSfLQxeNe8djT9YjpvRZA";
const initializeSession = async () => {    let isValid: boolean = false;    try {        isValid = await checkTokenValidness(myToken, { jwksUri: process.env.JWKS_URI })    } catch(e) {        // handle exception    }
    if (isValid) {        // do something    }}