POC: Validate JWT with iRule

Code is community submitted, community supported, and recognized as ‘Use At Your Own Risk’.

Short Description

This is a proof of concept iRule to decode and validate a JWT submitted in the HTTP Authorization header. It supports only JWT's signed with RS256 and was roughly tested with Azure, Okta and ADFS tokens.

It is not designed for production usage, especially there are more checks required to comply with https://datatracker.ietf.org/doc/html/rfc7519#section-7.2.

Problem solved by this Code Snippet

Decode and validate a JWT with an iRule.

How to use this Code Snippet

Attach it to a VS and adapt the public key(s) and key id(s).

Code Snippet Meta Information

  1. Version: POC
  2. Coding Language: iRule

Full Code Snippet




Updated Jan 19, 2024
Version 3.0

Was this article helpful?