Verify and Extract Data from Tokens

import * as jose from 'jose'

// Get the key set from .../.well-known/jwks.json
const jwks = await getJWKS()

// Verify the signature and extract the token header and payload
const verifier = jose.createLocalJWKSet(jwks)
const { payload, protectedHeader } = await jose.jwtVerify(
  token.token,
  verifier,
  {
    issuer: 'https://app.skyfire.xyz',
    // ...
  }
)

Claims to Verify

  • In kya tokens (typ is kya+JWT)
    • Signature
    • alg claim is ES256
    • iat claim is in the past
    • iss claim is set to https://app.skyfire.xyz
    • jti claim is set to a UUID
    • aud claim is set to your Skyfire agent account ID
    • sub claim is set to a UUID
      • This is the buyer agent account ID
    • exp claim is now or in the future
    • ver claim is set to 1
    • env claim is production
    • (ssi claim is set to your Skyfire seller service ID) OR (sdm claim is set to your seller domain AND srl claim is also set to your seller domain or a URL on your seller domain)
    • The bid claim contains the buyer principal's identity fields in a key-value map (JSON object)
    • The apd claim contains the buyer agent platform's identity fields in a key-value map (JSON object)
    • The aid claim contains the buyer agent's identity fields in a key-value map (JSON object)
  • In pay tokens (typ is pay+JWT)
    • Signature
    • alg claim is ES256
    • iat claim is in the past
    • iss claim is set to https://app.skyfire.xyz
    • jti claim is set to a UUID
    • aud claim is set to your Skyfire agent account ID
    • sub claim is set to a UUID
      • This is the buyer agent account ID
    • exp claim is now or in the future
    • ver claim is set to 1
    • env claim is production
    • (ssi claim is set to your Skyfire seller service ID) OR (sdm claim is set to your seller domain AND srl claim is also set to your seller domain or a URL on your seller domain)
    • value claim is > 0
    • amount claim is > 0
    • cur claim is set to USD
    • stp claim is one of COIN, CARD or BANK
    • sti claim contains the meta information for payment settlement depending on the settlement type (JSON object)
    • spr claim matches the price that you configured in your seller service
    • sps claim matches the pricing scheme that you configured in your seller service
  • In kya+pay tokens (typ is kya+pay+JWT)
    • Execute both kya and pay token validations as above
  • NOTE: We recommend caching the jwks.json (https://app.skyfire.xyz/.well-known/jwks.json) file for 60 minutes
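
The checklist above written as one function, to be run on the payload and protectedHeader that jose.jwtVerify returns. This is an added example, not Skyfire's reference implementation; the seller config shape, the exact-host match for srl, the acceptance of numeric strings for value and amount, and the sample values are assumptions.

```javascript
// Added example, not Skyfire's code: claim checks to run after jose.jwtVerify() succeeds.
const KINDS = new Map([['kya+JWT', ['kya']], ['pay+JWT', ['pay']], ['kya+pay+JWT', ['kya', 'pay']]])
const UUID = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i
const isUuid = (v) => typeof v === 'string' && UUID.test(v)
const isObj = (v) => v !== null && typeof v === 'object' && !Array.isArray(v)
// Assumption: value and amount may arrive as numbers or numeric strings.
const positive = (v) => ['number', 'string'].includes(typeof v) && Number(v) > 0
// A missing config value must never match a missing claim.
const same = (claim, want) => want != null && claim === want
// srl must be the seller domain or a URL whose host is exactly it (assumption: no subdomains).
function onSellerDomain(srl, domain) {
  if (srl === domain) return true
  try { return new URL(srl).hostname === domain } catch { return false }
}
// seller = { accountId, serviceId, domain, price, scheme } is a hypothetical config shape.
// Returns the names of the failed checks; an empty array means every check passed.
function checkSkyfireClaims(p, header, seller, now = Math.floor(Date.now() / 1000)) {
  const kinds = KINDS.get(header.typ)
  if (!kinds) return ['typ']
  const bad = []
  const need = (ok, name) => { if (!ok) bad.push(name) }
  need(header.alg === 'ES256', 'alg')
  need(typeof p.iat === 'number' && p.iat <= now, 'iat')
  need(typeof p.exp === 'number' && p.exp >= now, 'exp')
  need(p.iss === 'https://app.skyfire.xyz', 'iss')
  need(isUuid(p.jti), 'jti')
  need(same(p.aud, seller.accountId), 'aud')
  need(isUuid(p.sub), 'sub')
  need(p.ver === 1 || p.ver === '1', 'ver')
  need(p.env === 'production', 'env')
  need(same(p.ssi, seller.serviceId) ||
    (same(p.sdm, seller.domain) && onSellerDomain(p.srl, seller.domain)), 'seller')
  if (kinds.includes('kya')) for (const c of ['bid', 'apd', 'aid']) need(isObj(p[c]), c)
  if (kinds.includes('pay')) {
    need(positive(p.value), 'value')
    need(positive(p.amount), 'amount')
    need(p.cur === 'USD', 'cur')
    need(['COIN', 'CARD', 'BANK'].includes(p.stp), 'stp')
    need(isObj(p.sti), 'sti')
    need(same(p.spr, seller.price), 'spr')   // assumes config holds the token's representation
    need(same(p.sps, seller.scheme), 'sps')
  }
  return bad
}

// Constructed sample, not real Skyfire identifiers: a kya token issued for another seller service.
const SAMPLE_SELLER = { accountId: 'acct-1', serviceId: 'svc-1', domain: 'shop.example', price: '0.01', scheme: 'scheme-placeholder' }
const SAMPLE_KYA = { iat: 1700000000, exp: 1700000300, iss: 'https://app.skyfire.xyz', ver: 1,
  env: 'production', jti: '3b241101-e2bb-4255-8caf-4136c566a962', aud: 'acct-1', ssi: 'svc-other',
  sub: '9f1c2d3e-4a5b-4c6d-8e7f-0a1b2c3d4e5f', bid: {}, apd: {}, aid: {} }
```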

Reference Implementations of Token Verification