search

JWT format

JWT is a JSON Web Token

circle-info

Please consult RFC7517arrow-up-right for more information about the JWK specification.

The website jwt.ioarrow-up-right is a helper to decrypt and validate JWTs.

Each request to "Bank Auth Service" contains a JWT with attributes (claims):

  1. [subject] who initiated the operation (employee, technical user)

  2. [object] a user to be manipulated, of 2 natures:

    1. key keeper (for identification and processing accounts)

    2. customer

An example of JWT token payload:

{
  "flow": "sign-in" // enum - see below
  "obj": "123456789", // object
  "sub": "[email protected]", // subject
  "iat": 1684501806, // issued at
  "exp": 1684501806, // expires at
}
file-download
576B
jwt.txt
arrow-up-right-from-squareOpen
Example of a JWT file

JWT can be validated against a public key by kid (key list is published at /api/v1/.well-known/jwks.json). For testing purposes you can use an attached key (below) to validate the sample JWT (from above).

file-download
470B
pubkey.json
arrow-up-right-from-squareOpen
Public key used in Stage environment

Parameter flow can have the following values:

  • sign-in - authorization of client's operation (for example, payment);

  • sign-up - creation of a new client or account;

  • sign-up-processing - creation of a processing account;

  • sign-up-emission - creation of an identification account;

PreviousBank authorizationNextEmlpoyee

Last updated