
Attempts to decode and verify a JSON Web Token (JWT) using an HMAC secret. Returns the decoded payload if valid, or `NULL` if verification fails.

Usage

verify_token(token, secret)

Arguments

token

A character string containing the JWT (e.g., from an HTTP header).

secret

A raw or character vector used as the HMAC secret for verification. Defaults to the global `secret_key` variable, which should be securely set (e.g., via `Sys.getenv("JWT_SECRET")`).

Value

A list representing the decoded JWT payload if the token is valid; `NULL` if decoding fails or the token is invalid or expired.

See also

`jose::jwt_decode_hmac()`, `Sys.getenv()`

Examples

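if (FALSE) { # \dontrun{
library(jose)
# jwt_encode_hmac() expects a jwt_claim object, not a plain list
token <- jwt_encode_hmac(jwt_claim(user_id = "abc123"),
                         secret = charToRaw("my-secret"))
# Returns the decoded payload for a valid token, NULL otherwise
verify_token(token, secret = charToRaw("my-secret"))
} # }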
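
The behaviour described on this page (payload on success, `NULL` on any verification failure), as an added sketch that is not the package's own source. `verify_token_sketch()` and the sample secrets are hypothetical, and the sketch assumes `jose::jwt_decode_hmac()` raises an error for a bad signature or an expired token.

```r
# Added sketch, not the package's source: verify_token_sketch() is a hypothetical name.
library(jose)

verify_token_sketch <- function(token, secret = Sys.getenv("JWT_SECRET")) {
  # Assumption: an empty secret (e.g. JWT_SECRET unset) is a configuration
  # error, so fail loudly instead of verifying against an empty key.
  if (length(secret) == 0 || (is.character(secret) && !all(nzchar(secret)))) {
    stop("HMAC secret is empty; set JWT_SECRET")
  }
  # jwt_decode_hmac() signals an error on a bad signature or expired token;
  # map every failure to NULL so callers only need is.null().
  tryCatch(jwt_decode_hmac(token, secret = secret), error = function(e) NULL)
}

# Constructed sample inputs.
secret  <- charToRaw("constructed-test-secret")
good    <- jwt_encode_hmac(jwt_claim(user_id = "abc123", exp = Sys.time() + 300),
                           secret = secret)
expired <- jwt_encode_hmac(jwt_claim(user_id = "abc123", exp = Sys.time() - 3600),
                           secret = secret)

# Tampered token: payload segment replaced, original signature kept.
parts    <- strsplit(good, ".", fixed = TRUE)[[1]]
parts[2] <- base64url_encode(charToRaw('{"user_id":"admin"}'))
tampered <- paste(parts, collapse = ".")

stopifnot(
  identical(verify_token_sketch(good, secret)$user_id, "abc123"),
  is.null(verify_token_sketch(tampered, secret)),                     # signature mismatch
  is.null(verify_token_sketch(good, charToRaw("wrong-secret"))),      # wrong key
  is.null(verify_token_sketch(expired, secret))                       # exp in the past
)
```

Callers should treat `NULL` as "reject the request" and never fall back to reading the unverified payload.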