What validity tests make sense on client side

simonh1000 · June 3, 2018, 8:21am

What can I do to test validity of a JWT on the client side. I realise that I can NOT test against the secret key.

Tests I can think of:

three sections
header and the body need to represent json objects

Are there any rules on length/structure of signature? Anything I’m missing?

Beyond being able to access the fields of the body, so any other tests make sense - at the end of the day an invalid jwt will be rejected by the server when it is used

luis.rudge · June 3, 2018, 5:43pm

If you’re using RS256 id_token’s, then you can use GitHub - auth0/idtoken-verifier: Lightweight RSA JWT verification to validate them.

Topic		Replies	Views
Why does jwt.verify() give "invalid signature"? JWT.io	13	92757	January 22, 2019
Token validation with https://jwt.io/#debugger JWT.io jwt-validation	2	4401	March 2, 2018
JWT.io - HS256 validation false positivites AFTER initial verification? JWT.io bug , jwt	0	966	August 29, 2023
Why JWT verify tampered tokens? JWT.io	4	4344	December 5, 2018
Valid JWT using curl, not when using node.js JWT.io	3	4705	July 25, 2019

What validity tests make sense on client side

Related topics