| Method | Ressources | Purpose |
|---|
| GET | /tokens/:token | Verifies an access token and returns its payload if valid |
GET /tokens/:token
Verifies an access token and returns its payload if valid.
The returned payload respects the RFC7519 specs.
Parameters
| Param | Type | Mandatory | Description |
|---|
token | Path | Yes | The access token to verify |
Response
sub: string; // the user's email address
aud: string; // the domain where this user has given access to
iss: string; // the issuer (i.e. nopwd.io)
exp: number; // when this token will expired (POSIX time in sec)
iat: number; // when this token has been issued (POSIX time in sec)
jti: string; // a unique identifier to the auth flow
amr: string[]; // a list of authentication method used to generate this token "webauthn" or "magiclink" for now
| Code | Description |
|---|
| 200 | This token is valid and has not expired |
| 400 | The access token is malformed |
| 401 | The access token is invalid (expired signature key or wrong token signature) |
| 403 | The access token has a wrong issuer (iss != nopwd.io) |
| 404 | The access token is valid but has expired (exp < now) |
Usage
const response = await fetch(`https://api.nopwd.io/v0/tokens/${access_token}`);
const jwt = <JwtPayload>response.json();
