How to verify the jsonwebtoken?

EVE Technology and Research Center Third Party Developers
1

Hey,

I managed to get the access_token I need. Now I need to verify the access_token. As in: https://docs.esi.evetech.net/docs/sso/validating_eve_jwt.html . But I can’t really figure out what I am supposed to do. I did install a node package. Which provides me with a verify method: https://github.com/auth0/node-jsonwebtoken#jwtverifytoken-secretorpublickey-options-callback

I can’t seem to figure out what arguments to put in. And the docs aren’t helping a Iot either. I assume the first argument is the access_token, is the second my client_secret? And the third, what setting should I pass?

Of course I can proceed without this verification-step, but I’d rather not.

2

I think you would need to reference this example:

// Verify using getKey callback
// Example uses GitHub - auth0/node-jwks-rsa: A library to retrieve RSA public keys from a JWKS (JSON Web Key Set) endpoint. as a way to fetch the keys.
var jwksClient = require(‘jwks-rsa’);
var client = jwksClient({
jwksUri: ‘https://sandrino.auth0.com/.well-known/jwks.json
});
function getKey(header, callback){
client.getSigningKey(header.kid, function(err, key) {
var signingKey = key.publicKey || key.rsaPublicKey;
callback(null, signingKey);
});
}

jwt.verify(token, getKey, options, function(err, decoded) {
console.log(decoded.foo) // bar
});

Where in our case the jwksUri would be https://login.eveonline.com/oauth/jwks as mentioned in step #1.

3

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.