Visual FoxPro
Visual FoxPro
Verify a JWT Created by the Amazon Cognito Service
See more JSON Web Token (JWT) Examples
Demonstrates how to verify a JWT created by the Amazon Cognito Service.Chilkat Visual FoxPro Downloads
LOCAL lnSuccess
LOCAL loHttp
LOCAL loSbJsonKeys
LOCAL loJsonKeys
LOCAL loJsonKey1
LOCAL loPubKey1
LOCAL loJwt
LOCAL lcToken
LOCAL lnSigVerified
LOCAL lnLeeway
LOCAL lnBTimeValid
LOCAL lcPayload
LOCAL loJson
LOCAL lcJoseHeader
lnSuccess = 0
* This example requires the Chilkat API to have been previously unlocked.
* See Global Unlock Sample for sample code.
* The public keys for this example are at https://cognito-idp.us-east-2.amazonaws.com/us-east-2_******/.well-known/jwks.json
* Let's get them:
loHttp = CreateObject('Chilkat.Http')
loSbJsonKeys = CreateObject('Chilkat.StringBuilder')
lnSuccess = loHttp.QuickGetSb("https://cognito-idp.us-east-2.amazonaws.com/us-east-2_******/.well-known/jwks.json",loSbJsonKeys)
IF (lnSuccess = 0) THEN
? loHttp.LastErrorText
RELEASE loHttp
RELEASE loSbJsonKeys
CANCEL
ENDIF
loJsonKeys = CreateObject('Chilkat.JsonObject')
loJsonKeys.LoadSb(loSbJsonKeys)
loJsonKeys.EmitCompact = 0
? loJsonKeys.Emit()
* Here are the keys:
* {
* "keys": [
* {
* "alg": "RS256",
* "e": "AQAB",
* "kid": "1A/L5Fsb2EsEwxy5E0cmCMS1BnMe6Jl6NXiMig4iNwU=",
* "kty": "RSA",
* "n": "y0w7BJrIJYi ... jKG27z2P3OKw",
* "use": "sig"
* },
* {
* "alg": "RS256",
* "e": "AQAB",
* "kid": "mos6VTJnvDwurY3ghJg6IAPUq+dMwl6CL/iThzJOkzg=",
* "kty": "RSA",
* "n": "qbIEH-7tg6yrT ... 3Fj94ooTd0w",
* "use": "sig"
* }
* ]
* }
* Try the 1st key.
loJsonKey1 = CreateObject('Chilkat.JsonObject')
loJsonKeys.ObjectOf2("keys[0]",loJsonKey1)
loPubKey1 = CreateObject('Chilkat.PublicKey')
lnSuccess = loPubKey1.LoadFromString(loJsonKey1.Emit())
IF (lnSuccess = 0) THEN
? loPubKey1.LastErrorText
RELEASE loHttp
RELEASE loSbJsonKeys
RELEASE loJsonKeys
RELEASE loJsonKey1
RELEASE loPubKey1
CANCEL
ENDIF
? "Success"
loJwt = CreateObject('Chilkat.Jwt')
* I did not include the an actual AWS Cognito token here because our test sample used customer-provided data..
lcToken = "eyJ..asXg"
* First verify the signature.
lnSigVerified = loJwt.VerifyJwtPk(lcToken,loPubKey1)
? "verified: " + STR(lnSigVerified)
* Let's see if the time constraints, if any, are valid.
* The above JWT was created on the afternoon of 16-May-2016, with an expiration of 1 hour.
* If the current system time is before the "nbf" time, or after the "exp" time,
* then IsTimeValid will return false/0.
* Also, we'll allow a leeway of 60 seconds to account for any clock skew.
* Note: If the token has no "nbf" or "exp" claim fields, then IsTimeValid is always true.
lnLeeway = 60
lnBTimeValid = loJwt.IsTimeValid(lcToken,lnLeeway)
? "time constraints valid: " + STR(lnBTimeValid)
* Now let's recover the original claims JSON (the payload).
lcPayload = loJwt.GetPayload(lcToken)
* The payload will likely be in compact form:
? lcPayload
* We can format for human viewing by loading it into Chilkat's JSON object
* and emit.
loJson = CreateObject('Chilkat.JsonObject')
lnSuccess = loJson.Load(lcPayload)
loJson.EmitCompact = 0
? loJson.Emit()
* We can recover the original JOSE header in the same way:
lcJoseHeader = loJwt.GetHeader(lcToken)
* The payload will likely be in compact form:
? lcJoseHeader
* We can format for human viewing by loading it into Chilkat's JSON object
* and emit.
lnSuccess = loJson.Load(lcJoseHeader)
loJson.EmitCompact = 0
? loJson.Emit()
RELEASE loHttp
RELEASE loSbJsonKeys
RELEASE loJsonKeys
RELEASE loJsonKey1
RELEASE loPubKey1
RELEASE loJwt
RELEASE loJson