Skip to content

Validate and parse tokens using SDKs

We recommend starting with our SDK section for authentication for any SDK trying to connect to Trimble Identity. You can fetch the JSON Web Keys’s public URI from our well-known configurations here:

See more information in our JWT Validation section.

JavaScript

Python

C# .NET

Third-Party libraries

If you are not using one of our SDKs that perform JWT validation and parsing for you, you can parse and validate a JWT using third-party library from JWT.io.

We strongly recommend that you use our SDKs or one of the existing open source third-party libraries to parse and validate JWTs. At JWT.io, you can find libraries for various platforms and languages.

Most third-party libraries implement one method to verify a JWT and build in various arguments to allow you to customize the verification. For example, if you are using Node.js and the node-jsonwebtoken library, then you would call the jwt.verify() method. There are several Python libraries have sufficient examples. For .NET, Jose JWT has a good API to validate JWT.

Here are some guidelines for utilizing third-party libraries:

  • When extracting claims from a JWT, rely on the verify() method to validate both the claims and the signature. Avoid using the decode() method to validate a token, especially if it’s coming from a public client.
  • Pay close attention to the instructions provided for your chosen library. Default values or configurations might introduce security risks if not configured properly.