Validate and parse tokens using SDKs
We recommend starting with our SDK section for authentication for any SDK trying to connect to Trimble Identity. You can fetch the JSON Web Keys’s public URI from our well-known configurations here:
See more information in our JWT Validation section.
Recommended libraries for authorizing with our Identity SDK
JavaScript
- Validate tokens using JS SDK
- You can find the sample code here
Python
- Validate tokens using Python SDK
- You can find the sample code here
C# .NET
- Validate tokens using C# SDK
- You can find the sample code here
Third-Party libraries
If you are not using one of our SDKs that perform JWT validation and parsing for you, you can parse and validate a JWT using third-party library from JWT.io.
We strongly recommend that you use our SDKs or one of the existing open source third-party libraries to parse and validate JWTs. At JWT.io, you can find libraries for various platforms and languages.
Most third-party libraries implement one method to verify a JWT and build in various arguments to allow you to customize the verification. For example, if you are using Node.js and the node-jsonwebtoken library, then you would call the jwt.verify() method. There are several Python libraries have sufficient examples. For .NET, Jose JWT has a good API to validate JWT.
Here are some guidelines for utilizing third-party libraries:
- When extracting claims from a JWT, rely on the verify() method to validate both the claims and the signature. Avoid using the decode() method to validate a token, especially if it’s coming from a public client.
- Pay close attention to the instructions provided for your chosen library. Default values or configurations might introduce security risks if not configured properly.