Authentication Token

To authenticate with other systems, Alma sometimes uses a JSON Web Token (JWT). The token is signed with the RS256 algorithm. See below for examples of how to validate the token signature.

Validation Examples

Validating the token in Node.js:

$ npm install jsonwebtoken
const jwt = require('jsonwebtoken');

const publicKey = require('fs').readFileSync(__dirname + '/public-key.pem');
try {
  const verified = jwt.verify(tokenValue, publicKey, {algorithm: 'RS256'});
} catch (e) {
  console.log('invalid token', e.message);

Validating the token in Python:

$ pip install pyjwt
$ pip install pyjwt[crypto]
import jwt

with open('public-key.pem', 'r') as file:
    key =
    claims = jwt.decode(token, key, algorithms=['RS256'])