
What validity tests make sense on client side


#1

What can I do to test the validity of a JWT on the client side? I realise that I can NOT test against the secret key.

Tests I can think of:

  • three sections
  • header and the body need to represent JSON objects

Are there any rules on length/structure of signature? Anything I’m missing?

Beyond being able to access the fields of the body, do any other tests make sense? At the end of the day an invalid JWT will be rejected by the server when it is used.


#2

If you’re using RS256 id_tokens, then you can use https://github.com/auth0/idtoken-verifier to validate them.
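
The structural checks raised in the question, as an added JavaScript example that is not part of the original thread and not Auth0 code: three sections, header and payload decoding to JSON objects, an `alg` allow-list, signature length by algorithm, and `exp`. The names `checkJwtStructure`, `allowedAlgs` and `rsaKeyBytes` are hypothetical, and the 256-byte RS256 length assumes a 2048-bit issuer key.

```javascript
// Structural checks only: passing them does NOT prove the token is authentic.
// Only signature verification against the issuer's key can do that.
const B64URL = /^[A-Za-z0-9_-]+$/;
// Fixed signature sizes in bytes (RFC 7518). An RS256 signature is as long as
// the RSA modulus, so its size depends on the key (256 bytes for 2048 bits).
const SIG_BYTES = { HS256: 32, ES256: 64 };

function b64urlBytes(seg) {
  if (!B64URL.test(seg) || seg.length % 4 === 1) throw new Error("not base64url");
  const padded = seg.replace(/-/g, "+").replace(/_/g, "/") + "=".repeat((4 - (seg.length % 4)) % 4);
  return Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));
}

function jsonObject(seg, name) {
  let value;
  try {
    value = JSON.parse(new TextDecoder().decode(b64urlBytes(seg)));
  } catch {
    throw new Error(name + " is not base64url-encoded JSON");
  }
  if (value === null || typeof value !== "object" || Array.isArray(value)) {
    throw new Error(name + " is not a JSON object");
  }
  return value;
}

// rsaKeyBytes is an assumption about the issuer's key size (2048-bit default).
function checkJwtStructure(token, opts = {}) {
  const { allowedAlgs = ["RS256"], now = Date.now() / 1000, rsaKeyBytes = 256 } = opts;
  const parts = String(token).split(".");
  if (parts.length !== 3) return { ok: false, reason: "expected three sections" };
  try {
    const header = jsonObject(parts[0], "header");
    const payload = jsonObject(parts[1], "payload");
    if (!allowedAlgs.includes(header.alg)) return { ok: false, reason: "unexpected alg" };
    const expected = header.alg === "RS256" ? rsaKeyBytes : SIG_BYTES[header.alg];
    const actual = b64urlBytes(parts[2]).length;
    if (expected !== undefined && actual !== expected) return { ok: false, reason: "signature length" };
    if (typeof payload.exp === "number" && payload.exp <= now) return { ok: false, reason: "expired" };
    return { ok: true, header, payload };
  } catch (e) {
    return { ok: false, reason: e.message };
  }
}

// Constructed sample: HS256-shaped token with a dummy 32-byte signature.
const enc = (o) => btoa(JSON.stringify(o)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
const sample = [enc({ alg: "HS256" }), enc({ sub: "demo", exp: 4102444800 }), "A".repeat(43)].join(".");
console.log(checkJwtStructure(sample, { allowedAlgs: ["HS256"] }).ok);
```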