How it works
- A user opens a Cobo Portal App on Cobo Portal.
- Cobo Portal renders the app in an iframe.
- The app requests a User Info Token from Cobo Portal.
- Cobo Portal provides the User Info Token.
- The app requests JSON Web Key Set (JWKS) from Cobo Portal.
- Cobo Portal provides the JWKS.
- The app decodes and verifies the User Info Token using the JWKS.
Please use the algorithm specified in the
alg
field of the JWT header to perform the verification.
Request a User Info Token
To obtain a User Info Token, follow these steps:- Install Cobo UI Toolkit by running the following command:
- Use the
getAuthInfo
function provided by Cobo UI Toolkit:
Validate a User Info Token
Validate the User Info Token with the JWKS. To retrieve JWKS, send an HTTP GET request to the appropriate URL based on the environment in which your app is used:- Production environment:
https://api.cobo.com/v2/oauth/authorize/jwks.json
- Development environment:
https://api.dev.cobo.com/v2/oauth/authorize/jwks.json
iss
(issuer), exp
(expiration ), and aud
(audience) fields are correct.
Feel free to share your feedback to improve our documentation!