Verify the signature of a JSON Web token and decode the payload using extensible outputs.
Input
Field
Definition
Type
Required
token
Complete JWT, including the Base64 encoded header and payload, in addition to the signature.
String
TRUE
key
Private or public key used to encrypt the signature of the JWT. Private keys need to be shared, but many algorithms can be decoded by a corresponding public key.
String
TRUE
options
audience
Identifies the recipients for which the JWT is intended. Value is a case-sensitive string containing a string or URI value. Use of the audience claim (aud) is optional.
String
FALSE
issuer
Identifies the issuer of the JWT. Value is a case-sensitive string containing a string or URI value. Use of the issuer claim (iss) is optional.
String
FALSE
ignoreExpiration
Boolean value that allows the receiving party that is decoding the token to ignore any expiration time (exp) set in the signature. Card defaults to honoring the expiration field.
Boolean
FALSE
subject
Identifies the subject of the JWT. Subjects should be either locally or globally unique. Value is a case-sensitive string containing a string or URI value. Use of subject claim (sub) is optional.
String
FALSE
algorithm
Okta Workflows supports the following types of JWT encryption:
HS256 (default)
HS384
HS512
RS256
RS384
RS512
ES256
ES384
ES512
PS265
PS384
PS512
Dropdown
FALSE
Output
Field
Definition
Type
decoded
Extensible outputs allow you to manually add a new output field for each key that you expect to be delivered with the payload; these outputs can then be dragged to other inputs in the flow to process the data.
