// Get the key set from .../.well-known/jwks.json
const jwks = await getJWKS()
// Verify the signature and extract the token header and payload
const verifier = jose.createLocalJWKSet(jwks)
const { payload, protectedHeader } = await jose.jwtVerify(
token.token,
verifier,
{
issuer: 'https://api.skyfire.xyz/',
...
}
You can verify one or more of the following
- In ‘kya’ tokens (‘typ’ is ‘kya+JWT’)
- Signature
- ‘alg’ claim is ‘ES256’
- ‘ssi’ claim is set to your Skyfire seller service ID
- ‘iat’ claim is in the past
- ‘exp’ claim is now or in the future
- ‘iss’ claim is set to ‘https://api.skyfire.xyz/’
- ‘jti’ claim is set to a UUID
- ‘aud’ claim is set to your Skyfire agent account ID
- ‘sub’ claim is set to a UUID
- This is the buyer agent account ID
- The ‘bid’ claim contains the buyer identity fields in a key-value map (JSON object)
- In ‘pay’ tokens (‘typ’ is ‘pay+JWT’)
- Signature
- ‘alg’ claim is ‘ES256’
- ‘ssi’ claim is set to your Skyfire seller service ID
- ‘iat’ claim is in the past
- ‘exp’ claim is now or in the future
- ‘iss’ claim is set to ‘https://api.skyfire.xyz/’
- ‘jti’ claim is set to a UUID
- ‘aud’ claim is set to your Skyfire agent account ID
- ‘sub’ claim is set to a UUID
- This is the buyer agent account ID
- ‘value’ claim is > 0
- ‘amount’ claim is > 0
- ‘cur’ claim is set to ‘USD’
- ‘sps’ claim matches the pricing scheme that you configured in your seller service
- ‘spr’ claim matches the price that you configured in your seller service
- In ‘kya+pay’ tokens (‘typ’ is ‘kya+pay+JWT’)
- Both ‘kya’ and ‘pay’ token validations as above