About Verify Token

Verify Token is a JWT-formatted string signed with the RS256 algorithm (RSA signature with SHA-256, an asymmetric signing algorithm). The key pair is generated and owned by the Application Backend. The Application Backend signs the token with the private key, and the public key is given to Safous WAAP for its verification process.

The JWT string has 3 parts:

HEADER PAYLOAD SIGNATURE

HEADER

Base-64 encoded JSON string that contains the signing algorithm used and the media type, as per the JWT standard. In this case, the algorithm is RSA signature with SHA-256 (value RS256) and the media type is JWT.

PAYLOAD

Base-64 encoded JSON string that contains the following claims:

  1. Sub, string, contains the value of device_id.
  2. Label, string, a free-format string; in this case it contains the identifier for the registered application customer.
  3. Exp, number, contains the expiry timestamp in Epoch time, which is defined as the number of seconds from 1970-01-01T00:00:00Z UTC until the specified UTC date/time, ignoring leap seconds.

SIGNATURE

Base-64 encoded signature string, calculated as:

RSASHA256(base64UrlEncode(header) + "." + base64UrlEncode(payload), [private_key])

where:

private_key is the signing key stored in the Application Backend service.

Example

The following is an example from a Verify Token application developed using Spring Boot at the backend. It does not perform any checks; it generates a Verify Token signed using RS256 and assumes the key pair has already been generated.

Sample Value:

"verify_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJjYzE1MWJlZDE1MzU3NzdiIiwibGFiZWwiOiIwODc4OTcyMjExMjMiLCJleHAiOjE2Nzk4MDM1NjE3NzN9.XQVg3OK9t-cE0jiHbI8hSQY4YkjMJwGC5Z27LoRU8M6n8eyW0PMxc_wjWTUBw0xKOn0I2IvPZdeKWVAiFGDrdy7ddB0n6vCOXsNV807SRIEeJtSyglwiouRIOQ5U0K4sQ0VOc9VbJnM9CyJFct79Qj6LvvRdAuqO9VhAiXcvJkJV1zuyT6q9xOTuNld9F26xlq8nlY0wdxRfW-vYZGNW69klkxmw2vMcbuiF2frIc96o8I0JWHs50reHolNYSpVGFN5DzdKnCIMKLzySDZ1Myx34t-isdq2omoHPvwpG7hDiE38jjgLIP19Q3TE6mzLjlVP0TN127QBIfA-bnElgyA"

 

Parsed Value:

HEADER

{
"typ": "JWT",
"alg": "RS256"
}

PAYLOAD

{
"sub": "cc151bed1535777b",
"label": "087897221123",
"exp": 1679803561773
}

SIGNATURE

(as Base-64 encoded string)

XQVg3OK9t-cE0jiHbI8hSQY4YkjMJwGC5Z27LoRU8M6n8eyW0PMxc_wjWTUBw0xKOn0I2IvPZdeKWVAiFGDrdy7ddB0n6vCOXsNV807SRIEeJtSyglwiouRIOQ5U0K4sQ0VOc9VbJnM9CyJFct79Qj6LvvRdAuqO9VhAiXcvJkJV1zuyT6q9xOTuNld9F26xlq8nlY0wdxRfW-vYZGNW69klkxmw2vMcbuiF2frIc96o8I0JWHs50reHolNYSpVGFN5DzdKnCIMKLzySDZ1Myx34t-isdq2omoHPvwpG7hDiE38jjgLIP19Q3TE6mzLjlVP0TN127QBIfA-bnElgyA
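
The signing formula and token layout described above, as an added example that is not the page's or the vendor's own code: it builds a Verify Token with the JDK's standard java.security classes and verifies it with the public key, including a tampered payload that must fail. The class name, the character check on claim values and the throwaway key pair generated in main are assumptions made for this illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;
public class VerifyTokenExample {
    private static final Base64.Encoder B64URL = Base64.getUrlEncoder().withoutPadding();

    private static String b64(String json) { return B64URL.encodeToString(json.getBytes(StandardCharsets.UTF_8)); }

    // Signer side (Application Backend): RSASHA256(b64url(header) + "." + b64url(payload), private_key)
    static String issue(PrivateKey key, String deviceId, String label, long expSeconds) throws GeneralSecurityException {
        // Claims are concatenated into JSON below, so restrict them to a safe alphabet (assumed format).
        if (!deviceId.matches("[A-Za-z0-9_-]+") || !label.matches("[A-Za-z0-9_-]+"))
            throw new IllegalArgumentException("unexpected characters in claim value");
        String header = "{\"typ\":\"JWT\",\"alg\":\"RS256\"}";
        String payload = "{\"sub\":\"" + deviceId + "\",\"label\":\"" + label + "\",\"exp\":" + expSeconds + "}";
        String signingInput = b64(header) + "." + b64(payload);
        Signature signer = Signature.getInstance("SHA256withRSA"); // JCA name for RS256
        signer.initSign(key);
        signer.update(signingInput.getBytes(StandardCharsets.US_ASCII));
        return signingInput + "." + B64URL.encodeToString(signer.sign());
    }

    // Verifier side: the algorithm is fixed in code and never taken from the token header.
    static boolean verify(PublicKey key, String token) throws GeneralSecurityException {
        String[] parts = token.split("\\.", -1);
        if (parts.length != 3) return false;
        try {
            Signature verifier = Signature.getInstance("SHA256withRSA");
            verifier.initVerify(key);
            verifier.update((parts[0] + "." + parts[1]).getBytes(StandardCharsets.US_ASCII));
            return verifier.verify(Base64.getUrlDecoder().decode(parts[2]));
        } catch (IllegalArgumentException | SignatureException e) {
            return false; // malformed Base64 or a signature of the wrong length
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair pair = gen.generateKeyPair(); // throwaway demo key; a real backend loads its stored key
        long exp = System.currentTimeMillis() / 1000 + 300; // epoch seconds, per the exp claim definition
        String token = issue(pair.getPrivate(), "cc151bed1535777b", "087897221123", exp);
        String forgedPayload = b64("{\"sub\":\"0000000000000000\",\"label\":\"087897221123\",\"exp\":" + exp + "}");
        String tampered = token.replaceFirst("\\.[^.]+\\.", "." + forgedPayload + ".");
        System.out.println(token);
        System.out.println("original verifies: " + verify(pair.getPublic(), token));
        System.out.println("tampered verifies: " + verify(pair.getPublic(), tampered));
    }
}
```

The verify method here checks only the signature; it does not parse the payload or enforce exp. The sample token's exp value has 13 digits, which matches a millisecond timestamp rather than the seconds the claim definition describes, so confirm the expected unit before enforcing expiry.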