Verify

Verify the signature of a JSON Web Token (JWT) and decode the payload using extensible outputs.

Unless otherwise indicated, field types are text.

Required fields are indicated by a red asterisk.

Input

  • token: complete JWT, including the Base64-encoded header and payload, in addition to the signature

  • key: secret or public key used to verify the signature of the JWT; for the HMAC algorithms (HS*) this is the secret shared between the signing and verifying parties, while signatures from the asymmetric algorithms (RS*, ES*, PS*) are verified with the corresponding public key.

  • options

    • audience: identifies the recipients for which the JWT is intended; the value is a case-sensitive string containing a string or URI value; use of the audience claim (aud) is optional.

    • issuer: identifies the issuer of the JWT; the value is a case-sensitive string containing a string or URI value; the use of the issuer claim (iss) is optional.

    • ignoreExpiration (True/False): Boolean value that allows the receiving party that is decoding the token to ignore any expiration time (exp) set in the token; the card defaults to honoring the expiration field.

    • subject: identifies the subject of the JWT; subjects should be either locally or globally unique; the value is a case-sensitive string containing a string or URI value; the use of subject claim (sub) is optional.

    • algorithm (dropdown): Okta Workflows supports the following JWT signing algorithms:

      • HS256 (default)

      • HS384

      • HS512

      • RS256

      • RS384

      • RS512

      • ES256

      • ES384

      • ES512

      • PS256

      • PS384

      • PS512

Output

  • decoded: extensible outputs allow you to manually add a new output field for each key that you expect to be delivered with the payload; these outputs can then be dragged to other inputs in the flow to process the data.
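
The checks that the inputs above describe, written out as an added Python example; this is not Okta's code and does not show how the card is implemented. It covers only the HS* family, and `sign`, `verify`, the secret and the claims are constructed for illustration; accepting a token that carries no `exp` claim is an assumption of this sketch.

```python
import base64, hashlib, hmac, json, time

HS_ALGS = {"HS256": hashlib.sha256, "HS384": hashlib.sha384, "HS512": hashlib.sha512}

def b64url_decode(part: str) -> bytes:
    # JWT segments are Base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign(payload: dict, key: bytes, algorithm: str = "HS256") -> str:
    # Hypothetical helper: builds the constructed sample token used below.
    header = {"alg": algorithm, "typ": "JWT"}
    signing_input = ".".join(b64url_encode(json.dumps(p).encode()) for p in (header, payload))
    mac = hmac.new(key, signing_input.encode(), HS_ALGS[algorithm]).digest()
    return signing_input + "." + b64url_encode(mac)

def verify(token, key, algorithm="HS256", audience=None, issuer=None,
           subject=None, ignore_expiration=False, now=None):
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    # Pin the algorithm to the verifier's choice; the header's alg alone is not trusted.
    if header.get("alg") != algorithm or algorithm not in HS_ALGS:
        raise ValueError("algorithm mismatch")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), HS_ALGS[algorithm]).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):  # constant-time compare
        raise ValueError("invalid signature")
    claims = json.loads(b64url_decode(payload_b64))  # claims are read only after the signature holds
    # exp is honored by default, mirroring the ignoreExpiration option.
    if not ignore_expiration and "exp" in claims:
        if (time.time() if now is None else now) >= claims["exp"]:
            raise ValueError("token expired")
    aud = claims.get("aud")  # aud may be a single string or a list of strings
    if audience is not None and audience not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("audience mismatch")
    if issuer is not None and claims.get("iss") != issuer:
        raise ValueError("issuer mismatch")
    if subject is not None and claims.get("sub") != subject:
        raise ValueError("subject mismatch")
    return claims

# Constructed sample values, not real credentials.
SECRET = b"constructed-demo-secret"
CLAIMS = {"iss": "https://issuer.example", "aud": "workflows-demo", "sub": "user-123", "exp": 1700000000}
TOKEN = sign(CLAIMS, SECRET)
```

Leaving audience, issuer or subject unset skips that comparison, so a verifier that relies on those claims has to pass the expected values explicitly.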