JWT Token Verification
Client-side JWT token verification with audience and issuer validation
Verify JWT Token
What is JWT?
JWT (JSON Web Token) is a compact, URL-safe means of representing claims to be transferred between two parties. It uses Ed25519 signatures for secure verification.
- No algorithm confusion attacks
- Strong Ed25519 signatures
- Edge-compatible verification
- Client-side decoding without signature verification
Token Claims
Audience (aud)
Identifies the intended recipient of the token. Must match your app ID.
Issuer (iss)
The authority that issued the token. Typically the auth service URL.
Subject (sub)
The user or entity the token represents.
SDK Integration
import { useJWT } from '@heliorim/sdk-react';
const { decodeToken, isTokenExpired, isValidToken } = useJWT(token);
// Decode token client-side (unsafe - no signature verification)
const decoded = decodeToken(token);
// Check if token is expired
if (isTokenExpired(token)) {
console.log('Token has expired');
}
// Check if token is valid format
if (isValidToken(token)) {
console.log('Token is valid format');
}
// Access claims:
console.log(decoded.payload.sub); // User ID
console.log(decoded.payload.exp); // Expiration
console.log(decoded.payload.aud); // Audience