validateToken()
(or similar) function.
Token Validation
The session-token is a JWT that requires validation. The validateToken() (or similar) function performs the following tasks:
- Verifies the JWT signature using Corbado’s public keys (JWKS).
- Checks the token’s expiration, validity, and other claims.
- Returns the decoded claims if the token is valid, or throws an error if it is not.
Implementation
Below is an example of how to use the validateToken() function. As previously mentioned, by default, the session-token is stored in a cookie and sent to your backend. You will need to retrieve this cookie based on the HTTP framework you are using.
You can find instructions for installing and initializing the Corbado Node.js SDK in the official README.
Why is this important?
- Ensures only valid, untampered tokens are accepted.
- Protects your backend endpoints from unauthorized access.
- Handles key rotation and validation logic for you.