Replies: 1 comment 3 replies
-
|
Please make a concrete, detailed suggestion. |
Beta Was this translation helpful? Give feedback.
-
|
Iam suggesting this: const options = { const jwtToken = await jwtVerify(accessToken, JWKS, options); |
Beta Was this translation helpful? Give feedback.
-
|
Wouldn't that the same as const jwtToken = await jwtVerify(accessToken, JWKS, { issuer, subject }});
assert.equal(jwtToken.payload['urn:example:customclaim'], 'xxx')Custom claims have no defined format or logic to be validated, rather than building a "matcher"/"verifier" system I think this should remain in your application's code to validate. |
Beta Was this translation helpful? Give feedback.
-
|
Potable, that sounds good. So, by the way, thanks for fastest responses. Regards |
Beta Was this translation helpful? Give feedback.
-
Hi panva, how r u last time?
I'm using the jose lib to validate JWT tokens emmited from the oidc-provider. I'm using a stateless validation. The problem for me, is that jose aren't validating custom public claims on payload.
This claim are part of specs and RFCs, but, something make me feel that there are some reason because you don't accepts custom claims to validate playload.
There are a lot of others libs that make the job, but it's really important keep the stack a save! I prefer to use your libs.
Thanks a lot!
Regards.
Beta Was this translation helpful? Give feedback.
All reactions