Transaction Confirmation - Client Verification

This section covers the client verification phase of the three-phase transaction confirmation for Android and iOS, as described on the pages below:


Step 1: A JWT has three components: header, payload, and signature. Here is a sample of the header (which you will need for client verification):

{
  "alg": "ES256",
  "typ": "JWT",
  "kid": "f82151ed-cdc4-447c-bb80-981bfbcc2497"
}

Step 2: Based on the information in the JWT header, you can grab the public key by using <key id here>

This will return the public key certificate.

Step 3: Then use a recommended JWT package for the programming language you are using. You will then need to validate the signature against the public key obtained from the URL.

Step 4: Ensure that the hash of the transaction details as specified in the JWT is correct.

Step 5: Ensure that the nonce as specified in the JWT matches the nonce that was passed into the initial transaction confirmation API call.

Step 6: Ensure the other data in the JWT (e.g. user, audience) is as expected.
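Steps 3 to 6 in code, as an added example that is not from the original page or its vendor, using only Node's built-in crypto module. Assumptions: tx_hash is the hex SHA-256 of the transaction details string (the page does not state the hash format), a locally generated key pair stands in for the public key fetched in Step 2, and verifyConfirmation, makeSampleToken and EXPECTED are hypothetical names with constructed values.

```javascript
// Added example (not the vendor's code); uses only Node's built-in crypto module.
const { createHash, generateKeyPairSync, sign, verify } = require('node:crypto');

const sha256Hex = (s) => createHash('sha256').update(s, 'utf8').digest('hex');
const decodePart = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));

// `expected` holds values the caller already knows; never take them from the token.
function verifyConfirmation(token, publicKeyPem, expected) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed JWT');
  const [h, p, s] = parts;
  const header = decodePart(h);
  // Pin the algorithm and key id so the token cannot choose its own verification rules.
  if (header.alg !== 'ES256' || header.kid !== expected.kid) throw new Error('unexpected header');
  // Step 3: ES256 is ECDSA P-256 with SHA-256; a JWS carries the signature as raw r||s (64 bytes).
  const sig = Buffer.from(s, 'base64url');
  const key = { key: publicKeyPem, dsaEncoding: 'ieee-p1363' };
  if (sig.length !== 64 || !verify('sha256', Buffer.from(`${h}.${p}`), key, sig)) {
    throw new Error('bad signature');
  }
  const claims = decodePart(p); // claims are read only after the signature checks out
  // Step 4 (assumption: tx_hash is the hex SHA-256 of the transaction details string).
  if (claims.tx_hash !== sha256Hex(expected.txDetails)) throw new Error('tx_hash mismatch');
  // Step 5: the nonce must equal the one sent in the initial confirmation API call.
  if (claims.nonce !== expected.nonce) throw new Error('nonce mismatch');
  // Step 6: user and audience must be the ones this session expects.
  if (claims.sub !== expected.sub || claims.aud !== expected.aud) throw new Error('unexpected sub or aud');
  return claims;
}

// Constructed sample data: a locally generated P-256 key pair stands in for the Step 2 key.
const { publicKey, privateKey } = generateKeyPairSync('ec', {
  namedCurve: 'prime256v1', // OpenSSL name for P-256
  publicKeyEncoding: { type: 'spki', format: 'pem' },
  privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
});
const EXPECTED = { kid: 'sample-kid', sub: 'user-1', aud: 'client-1', nonce: 'n-4821',
  txDetails: 'Pay 25.00 EUR to ACME' };

// Hypothetical helper that plays the server side and signs a sample token.
function makeSampleToken(overrides = {}) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  const claims = { sub: EXPECTED.sub, aud: EXPECTED.aud, nonce: EXPECTED.nonce,
    tx_hash: sha256Hex(EXPECTED.txDetails), iat: 1700000000, ...overrides };
  const input = `${enc({ alg: 'ES256', typ: 'JWT', kid: EXPECTED.kid })}.${enc(claims)}`;
  const sig = sign('sha256', Buffer.from(input), { key: privateKey, dsaEncoding: 'ieee-p1363' });
  return `${input}.${sig.toString('base64url')}`;
}
```

Each check fails closed by throwing, so a caller treats any exception as "transaction not confirmed".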

The JWT payload contains identification information about a given user, and any other transaction-level data:

interface IJWTPayload {
  /** The user id */
  sub: string;
  /** The namespace id */
  nid: string;
  /** Identifies the principal that issued the JWT ('' or rpId) */
  iss: string;
  /** The client id */
  aud: string;
  username: string;
  /** Type of action taken */
  action: string;
  /** Issued at */
  iat: number;
  /** Transaction hash */
  tx_hash: string;
  /** Nonce */
  nonce: string;
}