Verify

Verify the signature of a JSON Web token and decode the payload using extensible outputs.

Unless otherwise indicated, field types are text.

Required fields are indicated by a red asterisk.

Input

• token: complete JWT, including the Base64 encoded header and payload, in addition to the signature

• key: private or public key used to encrypt the signature of the JWT; private keys need to be shared, but many algorithms can be decoded by a corresponding public key.

• options

  • audience: identifies the recipients for which the JWT is intended; the value is a case-sensitive string containing a string or URI value; use of the audience claim (aud) is optional.

  • issuer: identifies the issuer of the JWT; the value is a case-sensitive string containing a string or URI value; the use of the issuer claim (iss) is optional.

  • ignoreExpiration(True/False): boolean value that allows the receiving party that is decoding the token to ignore any expiration time (exp) set in the signature; the card defaults to honoring the expiration field.

  • subject: identifies the subject of the JWT; subjects should be either locally or globally unique; the value is a case-sensitive string containing a string or URI value; the use of subject claim (sub) is optional.

  • algorithm(dropdown): Okta Workflows supports the following types of JWT encryption:

    • HS256 (default)

    • HS384

    • HS512

    • RS256

    • RS384

    • RS512

    • ES256

    • ES384

    • ES512

    • PS265

    • PS384

    • PS512

Output

• decoded: extensible outputs allow you to manually add a new output field for each key that you expect to be delivered with the payload; these outputs can then be dragged to other inputs in the flow to process the data.