![]() |
Chilkat HOME Android™ AutoIt C C# C++ Chilkat2-Python CkPython Classic ASP DataFlex Delphi DLL Go Java Node.js Objective-C PHP Extension Perl PowerBuilder PowerShell PureBasic Ruby SQL Server Swift Tcl Unicode C Unicode C++ VB.NET VBScript Visual Basic 6.0 Visual FoxPro Xojo Plugin
(Visual FoxPro) Verify a JWT Created by the Amazon Cognito ServiceDemonstrates how to verify a JWT created by the Amazon Cognito Service. Note: This example requires Chilkat v11.0.0 or greater.
LOCAL lnSuccess LOCAL loHttp LOCAL loSbJsonKeys LOCAL loJsonKeys LOCAL loJsonKey1 LOCAL loPubKey1 LOCAL loJwt LOCAL lcToken LOCAL lnSigVerified LOCAL lnLeeway LOCAL lnBTimeValid LOCAL lcPayload LOCAL loJson LOCAL lcJoseHeader lnSuccess = 0 * This example requires the Chilkat API to have been previously unlocked. * See Global Unlock Sample for sample code. * The public keys for this example are at https://cognito-idp.us-east-2.amazonaws.com/us-east-2_******/.well-known/jwks.json * Let's get them: loHttp = CreateObject('Chilkat.Http') loSbJsonKeys = CreateObject('Chilkat.StringBuilder') lnSuccess = loHttp.QuickGetSb("https://cognito-idp.us-east-2.amazonaws.com/us-east-2_******/.well-known/jwks.json",loSbJsonKeys) IF (lnSuccess = 0) THEN ? loHttp.LastErrorText RELEASE loHttp RELEASE loSbJsonKeys CANCEL ENDIF loJsonKeys = CreateObject('Chilkat.JsonObject') loJsonKeys.LoadSb(loSbJsonKeys) loJsonKeys.EmitCompact = 0 ? loJsonKeys.Emit() * Here are the keys: * { * "keys": [ * { * "alg": "RS256", * "e": "AQAB", * "kid": "1A/L5Fsb2EsEwxy5E0cmCMS1BnMe6Jl6NXiMig4iNwU=", * "kty": "RSA", * "n": "y0w7BJrIJYi ... jKG27z2P3OKw", * "use": "sig" * }, * { * "alg": "RS256", * "e": "AQAB", * "kid": "mos6VTJnvDwurY3ghJg6IAPUq+dMwl6CL/iThzJOkzg=", * "kty": "RSA", * "n": "qbIEH-7tg6yrT ... 3Fj94ooTd0w", * "use": "sig" * } * ] * } * Try the 1st key. loJsonKey1 = CreateObject('Chilkat.JsonObject') loJsonKeys.ObjectOf2("keys[0]",loJsonKey1) loPubKey1 = CreateObject('Chilkat.PublicKey') lnSuccess = loPubKey1.LoadFromString(loJsonKey1.Emit()) IF (lnSuccess = 0) THEN ? loPubKey1.LastErrorText RELEASE loHttp RELEASE loSbJsonKeys RELEASE loJsonKeys RELEASE loJsonKey1 RELEASE loPubKey1 CANCEL ENDIF ? "Success" loJwt = CreateObject('Chilkat.Jwt') * I did not include the an actual AWS Cognito token here because our test sample used customer-provided data.. lcToken = "eyJ..asXg" * First verify the signature. lnSigVerified = loJwt.VerifyJwtPk(lcToken,loPubKey1) ? "verified: " + STR(lnSigVerified) * Let's see if the time constraints, if any, are valid. * The above JWT was created on the afternoon of 16-May-2016, with an expiration of 1 hour. * If the current system time is before the "nbf" time, or after the "exp" time, * then IsTimeValid will return false/0. * Also, we'll allow a leeway of 60 seconds to account for any clock skew. * Note: If the token has no "nbf" or "exp" claim fields, then IsTimeValid is always true. lnLeeway = 60 lnBTimeValid = loJwt.IsTimeValid(lcToken,lnLeeway) ? "time constraints valid: " + STR(lnBTimeValid) * Now let's recover the original claims JSON (the payload). lcPayload = loJwt.GetPayload(lcToken) * The payload will likely be in compact form: ? lcPayload * We can format for human viewing by loading it into Chilkat's JSON object * and emit. loJson = CreateObject('Chilkat.JsonObject') lnSuccess = loJson.Load(lcPayload) loJson.EmitCompact = 0 ? loJson.Emit() * We can recover the original JOSE header in the same way: lcJoseHeader = loJwt.GetHeader(lcToken) * The payload will likely be in compact form: ? lcJoseHeader * We can format for human viewing by loading it into Chilkat's JSON object * and emit. lnSuccess = loJson.Load(lcJoseHeader) loJson.EmitCompact = 0 ? loJson.Emit() RELEASE loHttp RELEASE loSbJsonKeys RELEASE loJsonKeys RELEASE loJsonKey1 RELEASE loPubKey1 RELEASE loJwt RELEASE loJson |
© 2000-2025 Chilkat Software, Inc. All Rights Reserved.