Complete token verification example

Out-of-band Token Verification

Verifying DC/OS Authentication tokens out-of-band

The Bouncer’s JWKS endpoint () provides the public key details required for verifying the signature of type RS256 JWTs issued by Bouncer. The JSON document data structure emitted by that endpoint is compliant with . Within that data structure, the public key is parameterized according to RFC 7518.

Here is an example response:

Use the tool of your choice to generate the public key representation that you will need to validate the authentication token.

Here is a Python example based on the cryptography module (which uses OpenSSL as its back-end). This example generates a public key object from a given exponent and modulus directly.

The decode method verifies the token signature and expiration time and raises an exception if the token is invalid.

This example validates an authentication token. Here is the example token

The response indicates that this is a valid authentication token for .