SohojXDocumentation

Verify JWTs

JWKS, issuer, audience, and claims.

Access tokens and ID tokens are signed with RS256. Fetch public keys from the JWKS endpoint and validate on every API request.

JWKS
GET https://platform.sohojx.com/.well-known/jwks.json
  • Verify signature using the key id (kid) in the JWT header.
  • Check iss matches your issuer (https://platform.sohojx.com).
  • Check exp and optional aud for your application.
  • Read sub, email, email_verified, name, picture from claims.
OpenID discovery
GET https://platform.sohojx.com/.well-known/openid-configuration
Verify JWTs · Central Auth Docs | SohojX Platform