azurejwtazure-active-directorykitura

How to decode a jwt from azure active directory in kitura?


I received an access token from azure ad and try to decode it on a kitura server.

On jwt.io i can decode it successfully but not via the jwt decode routines from kitura sample project. I am using the exact code given by the sample kitura project on github. Has someone used that with an azure token?


Solution

  • You should be able to decode the v1 token to a struct without verifying using the following code:

    struct AzureJWTClaims: Claims {
        let aud: String
        let iss: String
        let iat: Date
        let nbf: Date
        let exp: Date
        let acr: String
        let aio: String
        let amr: [String]
        let appid: String
        let appidacr: String
        let email: String
        let family_name: String
        let given_name: String
        let idp: String
        let ipaddr: String
        let name: String
        let oid: String
        let rh: String
        let scp: String
        let sub: String
        let tid: String
        let unique_name: String
        let uti: String
        let ver: String
    }
    let jwt = try? JWT<AzureJWTClaims>(jwtString: "<YourJWTString>", verifier: .none)
    

    If you want to verify the JWT as well you need to create a JWTVerifier from a PEM encoded RSA public key:

    let verifier = JWTVerifier.rs256(publicKey: Data("<PEM public key>".utf8))
    

    Then pass this to the decoder:

    let verifiedJWT = try? JWT<AzureJWTClaims>(jwtString: "<YourJWTString>", verifier: verifier)