JWT signature verification

Hi - I've seen a few threads but I can't really find any information as to how the JWT verification works in Wappler, what inputs it takes / outputs to expect, etc.

My situation is I am receiving webhooks from a third party. The webhooks are JWT signed. I have the public key and need to verify the signature.

It seems the signature is base-64 encoded. Can I use the built in Wappler functions to decode and verify the JWT signature or do I need to build a custom module for this?

Thanks

You can use Wappler to decode the base64 encoded signature and then use the verify JWT step inside a try catch with the throw error box checked. You can also use the decode JWT step and assign the output to a set value step with output enabled to see the JWT data.

Thanks. Good to know it's possible directly but I'm not able to find any of the functions.

To decode the base64 encoded signature, what action step do I select? I can't find a suitable one.

I tried the JWT decode - here:
[screenshot]

Just returns null. It only has a token input so I assume it needs a decrypted token, and entering the base-64 encrypted one results in an error.

So really it comes down to finding the action step to decrypt the signature. The cryptographic section only has password hashing.

Here is an example if your token is a Post variable called token.

$_POST.token.decodeBase64()

Ah - the decoding is a formatter! Thanks, I'll try that now.

Thanks again for your help. I'm still getting null on the decode, but verify has moved from "malformed" to "invalid signature" (which is correct for the test I sent). I'll come back to it on Monday. Thanks for putting me on the right path.

Make sure to add a set value step and assign the output from decode to it and set it to output enabled. You can decode any JWT even if the signature is invalid. The signature is only there to verify the content of the JWT was not modified. That’s also the reason why nobody should ever store sensitive information inside a JWT unless it was encrypted before.
