Skip to main content
POST
/
api
/
{serviceId}
/
jose
/
verify
Typescript (SDK)
import { Authlete } from "@authlete/typescript-sdk";

const authlete = new Authlete({
  bearer: process.env["AUTHLETE_BEARER"] ?? "",
});

async function run() {
  const result = await authlete.joseObject.joseVerifyApi({
    serviceId: "<id>",
    joseVerifyRequest: {
      jose: "eyJhbGciOiJFUzI1NiJ9.eyJleHAiOjE1NTk4MTE3NTAsImlzcyI6IjU3Mjk3NDA4ODY3In0K.csmdholMVcmjqHe59YWgLGNvm7I5Whp4phQCoGxyrlRGMnTgsfxtwyxBgMXQqEPD5q5k9FaEWNk37K8uAtSwrA",
      clockSkew: 100,
      clientIdentifier: "57297408867",
      signedByClient: true,
    },
  });

  console.log(result);
}

run();
{
  "resultCode": "A160001",
  "resultMessage": "[A160001] The JOSE is valid.",
  "signatureValid": true,
  "valid": true
}

Authorizations

Authorization
string
header
required

Authenticate every request with a Service Access Token or Organization Token. Set the token value in the Authorization: Bearer <token> header.

Service Access Token: Scoped to a single service. Use when automating service-level configuration or runtime flows.

Organization Token: Scoped to the organization; inherits permissions across services. Use for org-wide automation or when managing multiple services programmatically.

Both token types are issued by the Authlete console or provisioning APIs.

Path Parameters

serviceId
string
required

A service ID.

Body

jose
string
required

A JOSE object.

mandatoryClaims
string[]

Mandatory claims that are required to be included in the JOSE object.

clockSkew
integer<int32>

Allowable clock skew in seconds.

clientIdentifier
string

The identifier of the client application whose keys are required for verification of the JOSE object.

signedByClient
boolean

The flag which indicates whether the signature of the JOSE object has been signed by a client application with the client's private key or a shared symmetric key.

Response

resultCode
string

The code which represents the result of the API call.

resultMessage
string

A short message which explains the result of the API call.

valid
boolean

The result of the verification on the JOSE object.

signatureValid
boolean

The result of the signature verification.

missingClaims
string[]

The list of missing claims.

invalidClaims
string[]

The list of invalid claims.

errorDescriptions
string[]

The list of error messages.