Authentication Token
To authenticate with other systems, Alma sometimes uses a JSON Web Token (JWT). The token is signed with the RS256
algorithm. See below for examples of how to validate the token signature.
Download the public key in .pem format
Validation Examples
Validating the token in Node.js:
$ npm install jsonwebtoken
const jwt = require('jsonwebtoken'); const publicKey = require('fs').readFileSync(__dirname + '/public-key.pem'); try { const verified = jwt.verify(tokenValue, publicKey, {algorithm: 'RS256'}); console.log('verified'); } catch (e) { console.log('invalid token', e.message); }
Validating the token in Python:
$ pip install pyjwt $ pip install pyjwt[crypto]
import jwt with open('public-key.pem', 'r') as file: key = file.read() claims = jwt.decode(token, key, algorithms=['RS256']) print(claims)