Question

Jwt - Verify token validity from App

0

Hi, I'm new to Mendix. I'm developing an app that makes Rest Api calls. The first time I authenticate and a jwt token is returned, subsequent calls are made using the token from the first call. Is there a way/plugin on the app to simply verify that the token hasn't expired before making the backend calls and how to do the verification if any? Thanks in advance. E.I.

asked 2023-01-30

Enzo Iannitelli

2 answers

Dinesh Kumar · Answer 1 · 2023-01-30

Hi Enzo Iannitelli,

Is your Mendix application creating the jwt token?

if so you can create an entity to store the JWT token and store the Expiry date as well. you can then run a scheduler to delete the tokens which have expired.

In your rest call first validate the jwt token and if expired set the response message accordingly.

If the JWT token is not created by your Mendix app, then you will have to check with the vendor who is providing the JWT, do they have any mechanism to check if it expired.

Hope it helps!!

Johan Flikweert · Answer 2 · 2023-02-04

Hi Enzo,

The marketplace module JWT provides an easy validation flow for these tokens (nbf, iat, exp, etc.). ~~Don't forget to also verify the signature by providing the public key.~~ That suggestion is mainly if you use it for published API's, but you're consuming. 😅