
JWT VALIDATE OPTIONAL PARAMS

Data Type : Security
JWT_VALIDATE_OPTIONAL_PARAMS - Validates a signed JWT access token.

#include <bsafe.h>

Definition :

typedef struct {
    char *pszCustomClaimName;
    ResourceCallback AllowedResource;
    ClientCallback AllowedClientID;
    void *vpCallerContext; /* caller context data to be passed back to caller */
} JWT_VALIDATE_OPTIONAL_PARAMS;

Description :

Validates a signed JWT access token.
#define fJWT_validate_AllowExpired 0x00000001 // Treat expired JWTs as valid. Should only be used for testing purposes.
#define fJWT_validate_AllowMSWorkarounds 0x00000002 // Equivalent to setting the "Allow Microsoft Workarounds" checkbox in idpcat. See the feature documentation for details.
#define fJWT_validate_UseCustomEmailClaim 0x00000010 // Indicates that vpOptionalParams points to a JWT_VALIDATE_OPTIONAL_PARAMS structure with a non-NULL pszCustomClaimName holding the name of the JWT Claim to be used instead of "email" when finding the user's name.
#define fJWT_validate_AllowAlternateAud 0x00000020 // Indicates that vpOptionalParams points to a JWT_VALIDATE_OPTIONAL_PARAMS structure with a valid AllowedResource callback function pointer. This callback will be invoked for each aud Claim in the JWT and should return TRUE if the value matches an allowed resource for this site.
#define fJWT_validate_EnforceAllowedClients 0x00000040 // Indicates that vpOptionalParams points to a JWT_VALIDATE_OPTIONAL_PARAMS structure with a valid AllowedClientID callback function pointer. This callback will be invoked with the azp Claim, if any, in the JWT and should return TRUE if this azp Claim value matches the client_id for an OAuth client that is allowed to access this site.
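
Example (added here, not taken from the toolkit or its samples): exact-match allow-list callbacks for the aud and azp Claims, plus a pre-flight check that each flag has the structure field it requires and that fJWT_validate_AllowExpired is not set in production. The callback signatures, SitePolicy, and the function names are assumptions, since this page does not show the ResourceCallback or ClientCallback prototypes; the stand-in declarations replace bsafe.h so the block compiles on its own.

```c
#include <stddef.h>
#include <string.h>

/* Flag values and field names are from this page. */
#define fJWT_validate_AllowExpired          0x00000001
#define fJWT_validate_UseCustomEmailClaim   0x00000010
#define fJWT_validate_AllowAlternateAud     0x00000020
#define fJWT_validate_EnforceAllowedClients 0x00000040

typedef int (*ResourceCallback)(void *ctx, const char *aud); /* ASSUMED signature */
typedef int (*ClientCallback)(void *ctx, const char *azp);   /* ASSUMED signature */

typedef struct {
    char *pszCustomClaimName;
    ResourceCallback AllowedResource;
    ClientCallback AllowedClientID;
    void *vpCallerContext;
} JWT_VALIDATE_OPTIONAL_PARAMS;

/* Hypothetical caller context: NULL-terminated allow-lists. */
typedef struct { const char **resources; const char **clients; } SitePolicy;

static int in_list(const char **list, const char *v) {
    if (!list || !v) return 0;                 /* fail closed on missing data */
    for (; *list; ++list)
        if (strcmp(*list, v) == 0) return 1;   /* exact match, no prefix match */
    return 0;
}

int allowed_resource(void *ctx, const char *aud) {
    return ctx && in_list(((SitePolicy *)ctx)->resources, aud);
}
int allowed_client(void *ctx, const char *azp) {
    return ctx && in_list(((SitePolicy *)ctx)->clients, azp);
}

/* Returns 0 if flags and params agree, else the first offending flag. */
unsigned long check_params(unsigned long flags,
                           const JWT_VALIDATE_OPTIONAL_PARAMS *p, int production) {
    if (production && (flags & fJWT_validate_AllowExpired))
        return fJWT_validate_AllowExpired;     /* testing-only flag */
    if ((flags & fJWT_validate_UseCustomEmailClaim) && (!p || !p->pszCustomClaimName))
        return fJWT_validate_UseCustomEmailClaim;
    if ((flags & fJWT_validate_AllowAlternateAud) && (!p || !p->AllowedResource))
        return fJWT_validate_AllowAlternateAud;
    if ((flags & fJWT_validate_EnforceAllowedClients) && (!p || !p->AllowedClientID))
        return fJWT_validate_EnforceAllowedClients;
    return 0;
}
```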

See Also : SECTOKENFREE SECTOKENGENERATE