Sample code for 30+ languages & platforms
Visual FoxPro

Verify a JWT Created by the Amazon Cognito Service

See more JSON Web Token (JWT) Examples

Demonstrates how to verify a JWT created by the Amazon Cognito Service.

Chilkat Visual FoxPro Downloads

Visual FoxPro
LOCAL lnSuccess
LOCAL loHttp
LOCAL loSbJsonKeys
LOCAL loJsonKeys
LOCAL loJsonKey1
LOCAL loPubKey1
LOCAL loJwt
LOCAL lcToken
LOCAL lnSigVerified
LOCAL lnLeeway
LOCAL lnBTimeValid
LOCAL lcPayload
LOCAL loJson
LOCAL lcJoseHeader

lnSuccess = 0

* This example requires the Chilkat API to have been previously unlocked.
* See Global Unlock Sample for sample code.

* The public keys for this example are at https://cognito-idp.us-east-2.amazonaws.com/us-east-2_******/.well-known/jwks.json
* Let's get them:

loHttp = CreateObject('Chilkat.Http')
loSbJsonKeys = CreateObject('Chilkat.StringBuilder')
lnSuccess = loHttp.QuickGetSb("https://cognito-idp.us-east-2.amazonaws.com/us-east-2_******/.well-known/jwks.json",loSbJsonKeys)
IF (lnSuccess = 0) THEN
    ? loHttp.LastErrorText
    RELEASE loHttp
    RELEASE loSbJsonKeys
    CANCEL
ENDIF

loJsonKeys = CreateObject('Chilkat.JsonObject')
loJsonKeys.LoadSb(loSbJsonKeys)
loJsonKeys.EmitCompact = 0
? loJsonKeys.Emit()

* Here are the keys:

* {
*   "keys": [
*     {
*       "alg": "RS256",
*       "e": "AQAB",
*       "kid": "1A/L5Fsb2EsEwxy5E0cmCMS1BnMe6Jl6NXiMig4iNwU=",
*       "kty": "RSA",
*       "n": "y0w7BJrIJYi ... jKG27z2P3OKw",
*       "use": "sig"
*     },
*     {
*       "alg": "RS256",
*       "e": "AQAB",
*       "kid": "mos6VTJnvDwurY3ghJg6IAPUq+dMwl6CL/iThzJOkzg=",
*       "kty": "RSA",
*       "n": "qbIEH-7tg6yrT ... 3Fj94ooTd0w",
*       "use": "sig"
*     }
*   ]
* }

* Try the 1st key.
loJsonKey1 = CreateObject('Chilkat.JsonObject')
loJsonKeys.ObjectOf2("keys[0]",loJsonKey1)

loPubKey1 = CreateObject('Chilkat.PublicKey')
lnSuccess = loPubKey1.LoadFromString(loJsonKey1.Emit())
IF (lnSuccess = 0) THEN
    ? loPubKey1.LastErrorText
    RELEASE loHttp
    RELEASE loSbJsonKeys
    RELEASE loJsonKeys
    RELEASE loJsonKey1
    RELEASE loPubKey1
    CANCEL
ENDIF

? "Success"

loJwt = CreateObject('Chilkat.Jwt')

* I did not include the an actual AWS Cognito token here because our test sample used customer-provided data..
lcToken = "eyJ..asXg"

* First verify the signature.
lnSigVerified = loJwt.VerifyJwtPk(lcToken,loPubKey1)
? "verified: " + STR(lnSigVerified)

* Let's see if the time constraints, if any, are valid.
* The above JWT was created on the afternoon of 16-May-2016, with an expiration of 1 hour.
* If the current system time is before the "nbf" time, or after the "exp" time,
* then IsTimeValid will return false/0.
* Also, we'll allow a leeway of 60 seconds to account for any clock skew.
* Note: If the token has no "nbf" or "exp" claim fields, then IsTimeValid is always true.
lnLeeway = 60
lnBTimeValid = loJwt.IsTimeValid(lcToken,lnLeeway)
? "time constraints valid: " + STR(lnBTimeValid)

* Now let's recover the original claims JSON (the payload).
lcPayload = loJwt.GetPayload(lcToken)
* The payload will likely be in compact form:
? lcPayload

* We can format for human viewing by loading it into Chilkat's JSON object
* and emit.
loJson = CreateObject('Chilkat.JsonObject')
lnSuccess = loJson.Load(lcPayload)
loJson.EmitCompact = 0
? loJson.Emit()

* We can recover the original JOSE header in the same way:
lcJoseHeader = loJwt.GetHeader(lcToken)
* The payload will likely be in compact form:
? lcJoseHeader

* We can format for human viewing by loading it into Chilkat's JSON object
* and emit.
lnSuccess = loJson.Load(lcJoseHeader)
loJson.EmitCompact = 0
? loJson.Emit()

RELEASE loHttp
RELEASE loSbJsonKeys
RELEASE loJsonKeys
RELEASE loJsonKey1
RELEASE loPubKey1
RELEASE loJwt
RELEASE loJson