Skip to content

Token Endpoints

MethodResourcePurpose
GET/tokens/:tokenVerifies an access token and returns its payload if valid

GET /tokens/:token

Verifies an access token and returns its payload if valid. The returned payload adheres to the RFC7519 specifications.

Parameters

ParameterTypeMandatoryDescription
:tokenPathYesThe access token to verify

Response

interface JwtPayload {
sub: string; // the user's email address
aud: string; // the domain where this user has granted access
iss: string; // the issuer (i.e. nopwd.io)
exp: number; // the expiration time of this token (POSIX time in seconds)
iat: number; // the issuance time of this token (POSIX time in seconds)
jti: string; // a unique identifier for the authentication flow
amr: string[]; // a list of authentication methods used to generate this token, e.g., "webauthn" or "magiclink"
}
CodeDescription
200The token is valid and has not expired
400The access token is malformed
401The access token is invalid (expired signature key or incorrect token signature)
403The access token has an incorrect issuer (iss != nopwd.io)
404The access token is valid but has expired (exp < now)

Usage

const response = await fetch(`https://api.nopwd.io/v0/tokens/${access_token}`);
const jwt = <JwtPayload>response.json();