Support from the community to continue maintaining and improving this module is welcome. If you find the module useful, please consider supporting the project by becoming a sponsor.
▸ validateApplicationLevelSignature(as, ref, options?): Promise<void>
Validates the JWS Signature of either a JWT Response.body or TokenEndpointResponse.id_token of a processed Response
Note
Validating signatures of JWTs received via direct communication between the Client and a TLS-secured Endpoint (which it is here) is not mandatory since the TLS server validation is used to validate the issuer instead of checking the token signature. You only need to use this method for non-repudiation purposes.
Note
Supports only digital signatures.
| Parameter | Type | Description |
|---|---|---|
as |
AuthorizationServer |
Authorization Server Metadata. |
ref |
Response |
Response previously processed by this module that contained an ID Token or its response body was a JWT |
options? |
ValidateSignatureOptions |
- |
Promise<void>
Resolves if the signature validates, rejects otherwise.