
I received an access token from Azure AD and am trying to decode it on a Kitura server.

On jwt.io I can decode it successfully, but not via the JWT decode routines from the Kitura sample project. I am using the exact code given by the sample Kitura project on GitHub. Has someone used that with an Azure token?

  • Would you be able to provide an example token that you are trying to decode? Are you hoping to validate the token or just decode it? Have you created a struct that models the claims you are hoping to decode from the JWT? – Matt Kilner May 21 '19 at 12:16
  • I'm not able to provide an example token. As I have seen, decoding goes along with verifying in this sample. Both ways would be awesome. Do I have to completely model the token as a claim? – Matthias Karl May 21 '19 at 12:34
  • Would you be able to provide a link to where you generated the token from? You can use the `.none` verifier to skip verification of the token. This will allow you to tell if the issue is with verification or decoding the JWT. You can use the provided `ClaimsStandardJWT` struct to decode standard claims. If you have any custom claims you want to decode then you need to model them in your own struct. – Matt Kilner May 21 '19 at 12:41
  • ok...it's an issue with the claim. I have a token similar to the sample v1 token from this site: [link to azure](https://learn.microsoft.com/en-us/azure/active-directory/develop/access-tokens) – Matthias Karl May 21 '19 at 12:57

1 Answer


You should be able to decode the v1 token to a struct without verifying using the following code:

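```swift
import Foundation
import SwiftJWT

// Models the claims of the sample Azure AD v1 access token.
// Every property is non-optional, so decoding fails if the token lacks one of them.
struct AzureJWTClaims: Claims {
    let aud: String
    let iss: String
    let iat: Date
    let nbf: Date
    let exp: Date
    let acr: String
    let aio: String
    let amr: [String]
    let appid: String
    let appidacr: String
    let email: String
    let family_name: String
    let given_name: String
    let idp: String
    let ipaddr: String
    let name: String
    let oid: String
    let rh: String
    let scp: String
    let sub: String
    let tid: String
    let unique_name: String
    let uti: String
    let ver: String
}

// The .none verifier skips signature verification; this only decodes the token.
let jwt = try? JWT<AzureJWTClaims>(jwtString: "<YourJWTString>", verifier: .none)
```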

If you want to verify the JWT as well you need to create a JWTVerifier from a PEM encoded RSA public key:

```swift
let verifier = JWTVerifier.rs256(publicKey: Data("<PEM public key>".utf8))
```

Then pass this to the decoder:

```swift
let verifiedJWT = try? JWT<AzureJWTClaims>(jwtString: "<YourJWTString>", verifier: verifier)
```
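
An added example, not part of the answer above or of the Kitura sample project: a sketch of verifying the signature and then checking the claims before the token is trusted. The struct name, error type, helper function and the expected audience and tenant parameters are hypothetical; only claims named in the answer are used, and the less essential ones are made optional so a token that omits them still decodes.

```swift
import Foundation
import SwiftJWT

// Added example. Claims the check depends on are required; the rest are
// optional so a token that omits one of them still decodes.
struct AzureAccessTokenClaims: Claims {
    let aud: String
    let iss: String
    let tid: String
    // Declared as Date? to match the Claims protocol, so validateClaims() reads them.
    let exp: Date?
    let nbf: Date?
    let iat: Date?
    let appid: String?
    let scp: String?
    let email: String?
    let unique_name: String?
}

// Hypothetical error type for this example.
enum TokenCheckError: Error {
    case timeClaims(ValidateClaimsResult)
    case missingExpiry
    case unexpectedAudience(String)
    case unexpectedTenant(String)
}

// Hypothetical helper: returns claims only after signature and claim checks pass.
func verifiedAzureClaims(jwtString: String,
                         publicKeyPEM: String,
                         expectedAudience: String,
                         expectedTenant: String) throws -> AzureAccessTokenClaims {
    let verifier = JWTVerifier.rs256(publicKey: Data(publicKeyPEM.utf8))
    // `try` (not `try?`) so a bad signature or a decoding error surfaces to the caller.
    let jwt = try JWT<AzureAccessTokenClaims>(jwtString: jwtString, verifier: verifier)

    // Checks exp, nbf and iat against the current time, with 60 s of clock skew allowed.
    let timeCheck = jwt.validateClaims(leeway: 60)
    guard timeCheck == .success else { throw TokenCheckError.timeClaims(timeCheck) }
    // validateClaims() skips absent claims, so require an expiry explicitly.
    guard jwt.claims.exp != nil else { throw TokenCheckError.missingExpiry }

    guard jwt.claims.aud == expectedAudience else {
        throw TokenCheckError.unexpectedAudience(jwt.claims.aud)
    }
    guard jwt.claims.tid == expectedTenant else {
        throw TokenCheckError.unexpectedTenant(jwt.claims.tid)
    }
    return jwt.claims
}
```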