Verify
Verify the signature of a JSON Web token and decode the payload using extensible outputs.
Unless otherwise indicated, field types are text.
Required fields are indicated by a red asterisk.
Input
-
token: complete JWT, including the Base64 encoded header and payload, in addition to the signature
-
key: private or public key used to encrypt the signature of the JWT; private keys need to be shared, but many algorithms can be decoded by a corresponding public key.
-
options
-
audience: identifies the recipients for which the JWT is intended; the value is a case-sensitive string containing a string or URI value; use of the audience claim (aud) is optional.
-
issuer: identifies the issuer of the JWT; the value is a case-sensitive string containing a string or URI value; the use of the issuer claim (iss) is optional.
-
ignoreExpiration(True/False): boolean value that allows the receiving party that is decoding the token to ignore any expiration time (exp) set in the signature; the card defaults to honoring the expiration field.
-
subject: identifies the subject of the JWT; subjects should be either locally or globally unique; the value is a case-sensitive string containing a string or URI value; the use of subject claim (sub) is optional.
-
algorithm(dropdown): Okta Workflows supports the following types of JWT encryption:
-
HS256 (default)
-
HS384
-
HS512
-
RS256
-
RS384
-
RS512
-
ES256
-
ES384
-
ES512
-
PS265
-
PS384
-
PS512
-
-
Output
- decoded: extensible outputs allow you to manually add a new output field for each key that you expect to be delivered with the payload; these outputs can then be dragged to other inputs in the flow to process the data.