CD
Cloudflare Developers12mo ago
Ricardo Viteri

how do I validate a jwt using a jwks in pages?

How can I implement in cloudflare’s runtime a jwt validatation using information from the jwks endpoint ? Any tips?
2 Replies
zegevlier
zegevlier12mo ago
Where are you getting stuck?
Ricardo Viteri
Ricardo Viteri12mo ago
I was stuck with the implementation, but I solved it like this: 
import { AUTH_SERVER_URL } from "$env/static/private";

import jwt from "@tsndr/cloudflare-worker-jwt";

interface JwksResponse {
    keys: Jwk[];
}

interface Jwk {
    alg: string;
    e: string;
    kid: string;
    kty: string;
    n: string;
    use: string;
    x5c: string[];
    x5t: string;
    "x5t#S256": string;
}

async function findKey(jwks: JwksResponse, kid: string) {
    const keys = jwks.keys;
    const key = keys.find((k) => k.kid === kid);
    return key;
}

export async function isJwtValid(token: string): Promise<boolean> {
    if (!token) return false;

    try {
        const decodedToken = jwt.decode(token);
        const kid = decodedToken.header.kid;
        const jwksUrl = `${AUTH_SERVER_URL}/.well-known/jwks.json`;
        const jwksResponse = await fetch(jwksUrl);
        const jwks: JwksResponse = await jwksResponse.json();
        const key: Jwk | undefined = await findKey(jwks, kid);
        if (!key) {
            throw new Error("Public key not found in jwks.json");
        }

        const algorithm = key.alg;
        const isValid = await jwt.verify(token, <JsonWebKey>key, {
            algorithm: algorithm
        });

        console.log("JWT is valid:", isValid);

        return isValid;
    } catch (error) {
        console.error("Failed to validate JWT:", error);
        return false;
    }
}
import { AUTH_SERVER_URL } from "$env/static/private";

import jwt from "@tsndr/cloudflare-worker-jwt";

interface JwksResponse {
    keys: Jwk[];
}

interface Jwk {
    alg: string;
    e: string;
    kid: string;
    kty: string;
    n: string;
    use: string;
    x5c: string[];
    x5t: string;
    "x5t#S256": string;
}

async function findKey(jwks: JwksResponse, kid: string) {
    const keys = jwks.keys;
    const key = keys.find((k) => k.kid === kid);
    return key;
}

export async function isJwtValid(token: string): Promise<boolean> {
    if (!token) return false;

    try {
        const decodedToken = jwt.decode(token);
        const kid = decodedToken.header.kid;
        const jwksUrl = `${AUTH_SERVER_URL}/.well-known/jwks.json`;
        const jwksResponse = await fetch(jwksUrl);
        const jwks: JwksResponse = await jwksResponse.json();
        const key: Jwk | undefined = await findKey(jwks, kid);
        if (!key) {
            throw new Error("Public key not found in jwks.json");
        }

        const algorithm = key.alg;
        const isValid = await jwt.verify(token, <JsonWebKey>key, {
            algorithm: algorithm
        });

        console.log("JWT is valid:", isValid);

        return isValid;
    } catch (error) {
        console.error("Failed to validate JWT:", error);
        return false;
    }
}
Want results from more Discord servers?
Add your server
More Posts
So if you were me a one man teamSo if you were me a one man team developing a saas that’s using cloudflare workers and durable objecDNS records "this hostname is not covered by a certificate"Still have not solved this... causing a lot of pain. We do have universal certificate active, and weFree vs Paid plan for Cloudflare PagesWould it be worth paying for Cloudflare Pages from a latency / loading times perspective? I understaHow to dynamically import jsonExample: ``` import countries from 'i18n-iso-countries'; countries.registerLocale(await import(`i18nIt works on my machine™I am having an issue that I cannot get my head around. My pages url is: https://vhs.pages.dev/ WhenRefused to execute script because its MIME type ('text/html') is not executableHey, I deployed my next.js site with clerkdev authentication on cloudflare. I get this error in co