Verifying user key from a token in Node

mehmetkose · June 22, 2018, 8:07pm

I’m doing this;

import { decodeToken, TokenVerifier } from “jsontokens”;
…
const parameters = UrlParser(req.url, true);
const decodedToken = decodeToken(parameters.query.token);
const publicKey = decodedToken.payload.iss;

this is how I got user publicKey, but I couldn’t figure out how can I verify the key. In this case, I have only user token which I’m sending from react app.

any help?

aaron · June 22, 2018, 8:40pm

Hey @mehmetkose –

You can verify that key signed the token like so:

Example from https://github.com/blockstack/jsontokens-js#verifying-tokens:

import { TokenVerifier } from 'jsontokens'
const rawPublicKey = '03fdd57adec3d438ea237fe46b33ee1e016eda6b585c3e27ea66686c2ea5358479'
const verified = new TokenVerifier('ES256K', rawPublicKey).verify(token)

If you are trying to verify that a token was signed by a particular address (e.g., like profiles are signed by the name’s owner address), you can verify that the public key is the expected one like so:

blockstack.publicKeyToAddress(publicKey) === expectedAdress

mehmetkose · June 22, 2018, 9:05pm

Seems like exactly what I’m looking for. I’ll try.
Thanks.

mehmetkose · June 25, 2018, 11:21am

BTW where can I get rawPublicKey ?
I have only user object.
@aaron