Hi all,
I have seen that the decodeJWT function of the JWT Tools plug-in returns the decoded token, but only if the signature is valid; otherwise it returns null. This function needs the JWKS URL to retrieve the proper public key and validate the given token.
Does anyone know if there is a way to decode a JWT without validating the signature? Is it possible to decode a JWT with a private key stored in scs? Is there any other plug-in to create and validate JWTs?
Thanks in advance.
I think that the whole point of a JWT validation is that you first validate the signature using the public key. If you can't do that, any further process is pointless.
The client has told us that the tokens will arrive encrypted to Appian, so the first thing we have to do is decrypt them with a private key stored in scs (I don't know if the Encryption Functions plug-in will help us) and then validate the signature with the public key stored in jwks (we can do this with the decodeJWT function of JWT Tools plug-in).
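Added example, not part of the thread and not JWT Tools plug-in code: a standalone Python sketch of what can be read from a token before any key is involved. It tells a signed token (JWS, three segments) from an encrypted one (JWE, five segments) and decodes only the readable parts, marking them unverified. The function names, `next_step` strings and sample tokens are assumptions constructed for illustration.

```python
import base64
import json


def b64url_decode(segment: str) -> bytes:
    """Decode an unpadded base64url segment (JOSE compact serialization)."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def inspect_token(token: str) -> dict:
    """Classify a compact token; nothing returned here is authenticated."""
    parts = token.split(".")
    if len(parts) == 3:
        kind = "JWS"  # header.payload.signature
    elif len(parts) == 5:
        kind = "JWE"  # header.encrypted_key.iv.ciphertext.tag
    else:
        raise ValueError(f"not a compact JWS or JWE ({len(parts)} segments)")
    header = json.loads(b64url_decode(parts[0]))
    if not isinstance(header, dict):
        raise ValueError("protected header is not a JSON object")
    result = {"kind": kind, "header": header, "verified": False, "claims": None}
    if kind == "JWS":
        # Payload is only base64url-encoded, so it is readable but untrusted.
        result["claims"] = json.loads(b64url_decode(parts[1]))
        result["next_step"] = "verify signature with the JWKS public key"
    else:
        # Payload is ciphertext: no claims exist until it has been decrypted.
        result["next_step"] = "decrypt with the private key, then verify the inner JWS"
    return result


def _seg(obj) -> str:
    return b64url_encode(json.dumps(obj).encode())


# Constructed sample tokens: placeholder signature and ciphertext bytes.
SAMPLE_JWS = ".".join([_seg({"alg": "RS256", "kid": "demo-key"}),
                       _seg({"sub": "alice"}), b64url_encode(b"sig-bytes")])
SAMPLE_JWE = ".".join([_seg({"alg": "RSA-OAEP", "enc": "A256GCM", "cty": "JWT"})]
                      + [b64url_encode(b"opaque-%d" % i) for i in range(4)])

if __name__ == "__main__":
    for tok in (SAMPLE_JWS, SAMPLE_JWE):
        print(json.dumps(inspect_token(tok), indent=2))
```

The header fields (`alg`, `kid`, `enc`) are useful for choosing the right key, but claims from the unverified path should only feed logging or routing until the signature check has passed.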