JWT format

JWT stands for JSON Web Token.

Please consult RFC7517 for more information about the JWK specification.

The website jwt.io is a helper to decode and validate JWTs.

Each request to "Bank Auth Service" contains a JWT with attributes (claims):

  1. [subject] who initiated the operation (employee, technical user)

  2. [object] the user to be manipulated, which is one of 2 kinds:

    1. key keeper (for identification and processing accounts)

    2. customer

An example of JWT token payload:

{
  "flow": "sign-in", // enum - see below
  "obj": "123456789", // object
  "sub": "[email protected]", // subject
  "iat": 1684501806, // issued at
  "exp": 1684501806 // expires at
}
Example of a JWT file

A JWT is validated against the public key selected by its kid (the key list is published at /api/v1/.well-known/jwks.json). For testing purposes you can use the attached key (below) to validate the sample JWT (from above).

Public key used in Stage environment

Parameter flow can have the following values:

  • sign-in - authorization of client's operation (for example, payment);

  • sign-up - creation of a new client or account;

  • sign-up-processing - creation of a processing account;

  • sign-up-emission - creation of an identification account.
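The validation described above (key lookup by kid in the JWKS, signature check, then the flow, obj, sub, iat and exp claims) can be sketched as follows. This is an added example, not code from the service: it assumes the tokens are signed with RS256 and carry alg and kid in the header, and verify_token, demo_sign and the toy demo key are hypothetical names and constructed data.

```python
import base64, hashlib, json, time

FLOWS = {"sign-in", "sign-up", "sign-up-processing", "sign-up-emission"}  # enum from the page
SHA256_DI = bytes.fromhex("3031300d060960864801650304020105000420")  # DigestInfo prefix, RFC 8017

def b64u_dec(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64u_enc(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def emsa(msg, k):
    """EMSA-PKCS1-v1_5 encoding of SHA-256(msg) as an integer, for a k-byte modulus."""
    t = SHA256_DI + hashlib.sha256(msg).digest()
    return int.from_bytes(b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t, "big")

def verify_token(token, jwks, now=None):
    """Return the claims if signature and claims check out, else raise ValueError."""
    now = time.time() if now is None else now
    h64, p64, s64 = token.split(".")  # ValueError unless exactly three segments
    header = json.loads(b64u_dec(h64))
    if header.get("alg") != "RS256":  # assumption: the service signs with RS256; pin it
        raise ValueError("unexpected alg")
    key = next((k for k in jwks["keys"] if k.get("kid") == header.get("kid")), None)
    if key is None or key.get("kty") != "RSA":
        raise ValueError("no RSA key for this kid")
    n, e = (int.from_bytes(b64u_dec(key[f]), "big") for f in ("n", "e"))
    size, sig = (n.bit_length() + 7) // 8, b64u_dec(s64)
    s = int.from_bytes(sig, "big")
    if len(sig) != size or s >= n or pow(s, e, n) != emsa(f"{h64}.{p64}".encode(), size):
        raise ValueError("bad signature")
    c = json.loads(b64u_dec(p64))  # payload is parsed only after the signature verified
    if c.get("flow") not in FLOWS or not c.get("sub") or not c.get("obj"):
        raise ValueError("missing or unknown flow/sub/obj")
    iat, exp = c.get("iat"), c.get("exp")
    if not (isinstance(iat, int) and isinstance(exp, int) and iat <= now < exp):
        raise ValueError("token expired or not yet valid")
    return c

# Constructed demo material, NOT the service's key: toy RSA key built from two Mersenne primes.
_P, _Q, DEMO_E = 2**521 - 1, 2**607 - 1, 65537
DEMO_N, _D = _P * _Q, pow(DEMO_E, -1, (_P - 1) * (_Q - 1))
DEMO_JWKS = {"keys": [{"kty": "RSA", "kid": "demo-1", "n": b64u_enc(DEMO_N.to_bytes(141, "big")),
                       "e": b64u_enc(DEMO_E.to_bytes(3, "big"))}]}

def demo_sign(claims, kid="demo-1"):  # signs a constructed token for offline testing
    h, p = (b64u_enc(json.dumps(x).encode()) for x in ({"alg": "RS256", "kid": kid}, claims))
    s = pow(emsa(f"{h}.{p}".encode(), 141), _D, DEMO_N)
    return f"{h}.{p}." + b64u_enc(s.to_bytes(141, "big"))
```

A payload whose iat equals exp, as in the sample above, fails the time check in this sketch. In a real integration the signature step would normally be left to a maintained JWT library, with the kid lookup and claim checks kept as shown.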
