
How to validate JWT security tokens


    Let's take a look at what the simplest possible security token validation looks like.

    All security token responses are Base64-encoded strings containing either a SAML or a JWT token. We strongly recommend that you use JWT tokens and not SAML!

    The main class for processing tokens is SuperIdTokenHandler in the SuperOffice.SuperID.Client DLL. 

    If you don't have access to the certificate store, you must replace this procedure with a validation override.

    Pre-req:

    • All 3 certificates are installed correctly
    • A correct thumbprint is defined in the SuperIdCertificate appSettings section

    Procedure:

    1. Decode the token from Base64 to a string. This results in a JSON string.

    2. Use an appropriate certificate validation library and the public SuperOffice certificate to validate the token:

      1. Instantiate a SuperIdTokenHandler
      2. Invoke the ValidateToken method and pass a JWT token
    3. If and only if the token is valid, accept the claims and proceed accordingly:

      • Receive a SuperIdToken populated with the resulting claims

    // Validates a JWT and returns the SuperIdToken with its claims.
    // The handler throws if the token is invalid, so a returned value
    // always represents a token that passed validation.
    public SuperIdToken ValidateToken(string token)
    {
        var tokenHandler = new SuperIdTokenHandler();
        return tokenHandler.ValidateToken(token, TokenType.Jwt);
    }

    If you for some reason need to use SAML tokens, simply substitute the token type in step 2 (TokenType.Saml) and pass your SAML token. SuperIdTokenHandler hides the slight differences between SAML and JWT tokens.
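    The procedure above carried through end to end, as an added example that is not part of the original article or the SuperOffice SDK: it decodes the Base64 response (step 1), hands the JWT to SuperIdTokenHandler (step 2), and returns claims only on a successful validation (step 3). The namespace in the using directive and the assumption that ValidateToken signals failure by throwing are assumptions, not taken from the page.

```csharp
using System;
using System.Text;
using SuperOffice.SuperID.Client.Tokens; // assumed namespace for SuperIdTokenHandler

public static class TokenValidation
{
    // Returns the populated SuperIdToken, or null when the response must be rejected.
    // Callers treat null as "no claims may be trusted".
    public static SuperIdToken TryValidateResponse(string base64Response)
    {
        if (string.IsNullOrWhiteSpace(base64Response))
            return null;

        string token;
        try
        {
            // Step 1: the security token response is Base64; decode it to get the JWT.
            token = Encoding.UTF8.GetString(Convert.FromBase64String(base64Response));
        }
        catch (FormatException)
        {
            // Not valid Base64 at all: reject before involving the handler.
            return null;
        }

        try
        {
            // Step 2: the handler checks the signature against the installed
            // SuperOffice certificate (selected by the SuperIdCertificate thumbprint)
            // together with the token's other validity rules.
            var handler = new SuperIdTokenHandler();
            return handler.ValidateToken(token, TokenType.Jwt);
        }
        catch (Exception ex) // assumption: the handler throws on a failed validation
        {
            // Step 3: anything short of a successful validation means the claims
            // are not accepted. Log the reason; never fall back to parsing the JWT yourself.
            Console.Error.WriteLine("Security token rejected: " + ex.Message);
            return null;
        }
    }
}
```

    A caller would do `var idToken = TokenValidation.TryValidateResponse(response);` and deny the request when the result is null.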

    Assemblies and helper libraries

    SuperOffice provides the SuperOffice.Crm.Online.Core NuGet package for processing online requests. It contains the following assemblies:

    • SuperOffice.Online.Core
    • SuperOffice.SuperID.Client
    • SuperOffice.SuperID.Contracts

    We also provide .NET helper libraries, which you can download.