Verify

Verify the signature of a JSON Web token and decode the payload using extensible outputs.

Input

Field Definition Type Required
token Complete JWT, including the Base64 encoded header and payload, in addition to the signature. String TRUE
key Private or public key used to encrypt the signature of the JWT. Private keys need to be shared, but many algorithms can be decoded by a corresponding public key. String TRUE
options
audience Identifies the recipients for which the JWT is intended. Value is a case-sensitive string containing a string or URI value. Use of the audience claim (aud) is optional. String FALSE
issuer Identifies the issuer of the JWT. Value is a case-sensitive string containing a string or URI value. Use of the issuer claim (iss) is optional. String FALSE
ignoreExpiration Boolean value that allows the receiving party that is decoding the token to ignore any expiration time (exp) set in the signature. Card defaults to honoring the expiration field. Boolean FALSE
subject Identifies the subject of the JWT. Subjects should be either locally or globally unique. Value is a case-sensitive string containing a string or URI value. Use of subject claim (sub) is optional. String FALSE
algorithm Okta Workflows supports the following types of JWT encryption:
  • HS256 (default)

  • HS384

  • HS512

  • RS256

  • RS384

  • RS512

  • ES256

  • ES384

  • ES512

  • PS265

  • PS384

  • PS512

Dropdown FALSE

Output

Field Definition Type
decoded Extensible outputs allow you to manually add a new output field for each key that you expect to be delivered with the payload; these outputs can then be dragged to other inputs in the Flow to process the data. Object

Related topics

Functions in Workflows

About the elements of Okta Workflows