Function: validateApplicationLevelSignature()
August 29, 2025 ยท View on GitHub
Support from the community to continue maintaining and improving this module is welcome. If you find the module useful, please consider supporting the project by becoming a sponsor.
โธ validateApplicationLevelSignature(as, ref, options?): Promise<void>
Validates the JWS Signature of either a JWT Response.body or TokenEndpointResponse.id_token of a processed Response
Note
Validating signatures of JWTs received via direct communication between the Client and a
TLS-secured Endpoint (which it is here) is not mandatory since the TLS server validation is used
to validate the issuer instead of checking the token signature. You only need to use this method
for non-repudiation purposes.
Note
Supports only digital signatures.
Parameters
| Parameter | Type | Description |
|---|---|---|
as | AuthorizationServer | Authorization Server Metadata. |
ref | Response | Response previously processed by this module that contained an ID Token or its response body was a JWT |
options? | ValidateSignatureOptions | - |
Returns
Promise<void>
Resolves if the signature validates, rejects otherwise.