JWT Verification

Introduction

Verifying the innerworks response JWT using the innerworks JWKS endpoint.

The Response Payload

If VPN detection is chosen as one of the detection types and is set to live, a VPN detection result will be included in the JSON response in the form of a JWT.

This response must be validated from your backend to ensure it has not been tampered with.

Verification

To confirm the validity of the JWT on your backend, call the innerworks JWKS endpoint. It returns a JSON document that can be used to confirm the validity of the JWT.

Note

We are using the jose NPM package below; this is not mandatory.

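import { compactVerify, createRemoteJWKSet } from 'jose';

// bearerToken: the JWT string taken from the innerworks JSON response
const handleResultFetching = async (bearerToken) => {
  try {
    const token = bearerToken;
    if (!token) { throw new Error('No token provided'); }

    // Fetch JWKS (the key set is retrieved when the verifier first needs it)
    const apiUrl = 'https://api.prod.innerworks.me/api/v1/.well-known/jwks.json';
    const keyStore = createRemoteJWKSet(new URL(apiUrl));

    // Verify the token signature; compactVerify does not validate claims such as exp
    const { payload, protectedHeader } = await compactVerify(token, keyStore);

    // View decoded payload (payload is a Uint8Array of the signed bytes)
    const decodedPayload = JSON.parse(new TextDecoder().decode(payload));
    return decodedPayload;
  } catch (error) {
    console.error('Token verification failed:', error);
    return null; // treat the result as unverified
  }
};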
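
As an added example (not innerworks' code and not part of the original page), the code below uses Node's built-in crypto module instead of jose to show what verification against a JWKS checks, and why a payload edited after signing is rejected. The RS256 algorithm, the key ID `demo-key-1` and the `vpnDetected` field are assumptions; the key pair and tokens are constructed for the demo.

```javascript
// Added example: constructed key pair and tokens; RS256 and the payload field are assumptions.
const crypto = require('node:crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');

// Verify a compact JWS against a JWKS object; returns the payload or throws.
function verifyWithJwks(token, jwks, allowedAlgs = ['RS256']) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString('utf8'));
  // Pin the algorithm on the verifier side; never trust the header's choice.
  if (!allowedAlgs.includes(header.alg)) throw new Error('algorithm not allowed');
  const jwk = jwks.keys.find((k) => k.kid === header.kid && k.kty === 'RSA');
  if (!jwk) throw new Error('no matching key in JWKS');
  const publicKey = crypto.createPublicKey({ key: jwk, format: 'jwk' });
  // The signature covers the exact bytes "<header>.<payload>".
  const ok = crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), publicKey, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('signature verification failed');
  return JSON.parse(Buffer.from(p, 'base64url').toString('utf8'));
}

// Constructed issuer side, standing in for the service that signs the response.
function signToken(payload, privateKey, kid, alg = 'RS256') {
  const input = `${b64url(JSON.stringify({ alg, kid }))}.${b64url(JSON.stringify(payload))}`;
  const sig = crypto.sign('RSA-SHA256', Buffer.from(input), privateKey);
  return `${input}.${sig.toString('base64url')}`;
}

function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const jwks = { keys: [{ ...publicKey.export({ format: 'jwk' }), kid: 'demo-key-1' }] };
  const token = signToken({ vpnDetected: true }, privateKey, 'demo-key-1');

  // The payload is changed after signing while the original signature is kept.
  const [h, , s] = token.split('.');
  const tampered = `${h}.${b64url(JSON.stringify({ vpnDetected: false }))}.${s}`;
  const unsigned = `${b64url(JSON.stringify({ alg: 'none', kid: 'demo-key-1' }))}.${tampered.split('.')[1]}.`;

  const outcome = (t) => {
    try { return verifyWithJwks(t, jwks); } catch (e) { return e.message; }
  };
  return { valid: outcome(token), tampered: outcome(tampered), unsigned: outcome(unsigned) };
}

console.log(demo());
```

Only the untouched token yields a payload; the other two return an error message, which is why the result must be read from the verified payload on the backend and never from a value the client decoded itself.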