VerifySignedJWT

Last update:

May 18, 2026

Description

Verify a signed JWT.

Syntax

verifySignedJWT(token, SignOptions, config)

History

New in ColdFusion (2023 release).

Parameters

Parameter	Description	Required
token	A signed token created by ColdFusion.	Yes
signOptions	Create the signature using the struct below: Key KeyPair - private Key will be used. JWK- JSON Web Keyset URL or file or string. Keystore file, keystore password, keystore alias	Yes
config	A struct with the following values: clockSkew - time in seconds to account for difference between the systems generating and processing the JWT returntype - plaintext/struct	Yes

Returns

A struct containing all the JWT claims. Not all these claims will be present always. Depends on the party creating the JWT.

Example

<cfset k=getKeyPairfromkeystore({  

        "keystore" : "test_jws1.keystore",

        "keystorePassword": "****",  

        "keypairPassword": "****",  

        "keystoreAlias": "contentKey"

    }) >

<cfset c = {

    "algorithm" = "RS256",

    "generateIssuedAt"= true,

"generateJti"=true

}>

<cfset config = {

    "returnType" = "struct"

}>

<cfset verifyjws = VerifySignedJWT(#URL.jws#,k.getPublic(),c)>

<cfdump var="#verifyjws#">

Was this page helpful?

We're glad. Tell us how this page helped.

Found the answer to my problem Understood the instructions Liked the feature

Other suggestions

We're sorry. Can you tell us what didn't work for you?

Didn't find the answer to my problem Couldn't understand the instructions Didn't like the feature

Other suggestions

Thank you for your feedback. Your response will help improve this page.

Was this helpful?

We are sorry the content didn't meet your needs.

Share additional feedback to help us improve.

0/255 | Character limit exceeded.

Thank you so much for sharing your feedback!