
What validity tests make sense on client side


What can I do to test the validity of a JWT on the client side? I realise that I can NOT test against the secret key.

Tests I can think of:

  • three sections
  • header and the body need to represent json objects

Are there any rules on length/structure of signature? Anything I’m missing?

Beyond being able to access the fields of the body, do any other tests make sense? At the end of the day, an invalid JWT will be rejected by the server when it is used.


If you’re using RS256 id_tokens, then you can use to validate them.
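
The structural tests listed in the question, written out as an added JavaScript example (not code from the original thread). It goes beyond the two tests listed by also checking the base64url alphabet, `alg`, `exp` and a minimum signature length. The function names, the sample tokens and the 2048-bit RSA key size are assumptions.

```javascript
// Structural checks only: a passing token is well-formed, not verified.
const B64URL = /^[A-Za-z0-9_-]+$/;
// HS256 signatures are 32 bytes; an RS256 signature is as long as the RSA
// modulus, so 256 assumes a 2048-bit key (assumption, adjust to your keys).
const MIN_SIG_BYTES = new Map([["HS256", 32], ["RS256", 256]]);

function b64urlToBytes(segment) {
  // A length of 4n+1 characters can never be valid base64.
  if (!B64URL.test(segment) || segment.length % 4 === 1) {
    throw new Error("segment is not base64url");
  }
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  return Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));
}

function parseJsonObject(segment, name) {
  const text = new TextDecoder("utf-8", { fatal: true }).decode(b64urlToBytes(segment));
  const value = JSON.parse(text);
  if (value === null || typeof value !== "object" || Array.isArray(value)) {
    throw new Error(name + " is not a JSON object");
  }
  return value;
}

// nowSeconds is injectable so the expiry check can be tested deterministically.
function inspectJwt(token, nowSeconds = Math.floor(Date.now() / 1000)) {
  try {
    const parts = String(token).split(".");
    if (parts.length !== 3) throw new Error("expected three sections");
    const header = parseJsonObject(parts[0], "header");
    const payload = parseJsonObject(parts[1], "payload");
    if (typeof header.alg !== "string" || header.alg.toLowerCase() === "none") {
      throw new Error("missing or unsigned alg");
    }
    const sigBytes = b64urlToBytes(parts[2]).length;
    if (sigBytes < (MIN_SIG_BYTES.get(header.alg) || 1)) throw new Error("signature too short");
    if (payload.exp !== undefined && !(typeof payload.exp === "number" && payload.exp > nowSeconds)) {
      throw new Error("expired or malformed exp");
    }
    return { ok: true, reason: null, header, payload };
  } catch (err) {
    return { ok: false, reason: err.message, header: null, payload: null };
  }
}

// Constructed sample tokens: the signature is zero-byte filler, not a real one.
const enc = (s) => btoa(s).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
const sampleToken = (alg, payload, sigLen) =>
  [JSON.stringify({ alg, typ: "JWT" }), JSON.stringify(payload), "\0".repeat(sigLen)].map(enc).join(".");
```

A token that passes `inspectJwt` is only well-formed; whether it is genuine is still decided by signature verification.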
