Page Comparison

...

This response hold keys you can use to verify the access_token and id_token from our system.

To verify the responses

There are ready-made tools available for most programming languages that can be used to verify JWT signatures. Below is a small code example in C# that hopefully makes it clearer:

Code Block

public bool VerifyJwt(string token, string secretKey, string audience, string issuer)
{
    try
    {
        byte[] certificateData = Convert.FromBase64String(secretKey);
        X509Certificate2 certificate = new X509Certificate2(certificateData);
        X509SecurityKey securityKey = new X509SecurityKey(certificate);        // Define token validation parameters
        var tokenHandler = new JwtSecurityTokenHandler();
        var validationParameters = new TokenValidationParameters
        {
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = securityKey,
            ValidateIssuer = true, // Set to true if you want to validate the issuer
            ValidIssuer = issuer, // Replace with the expected issuer
            ValidateAudience = true, // Set to true if you want to validate the audience
            ValidAudience = audience, // Replace with the expected audience
            ValidateLifetime = true,
            ClockSkew = TimeSpan.Zero
        };        
        // Parse and validate the token
        SecurityToken validatedToken;
        var principal = tokenHandler.ValidateToken(token, validationParameters, out validatedToken);        // You can access the claims in the token via the principal.Claims property if needed.
        // For example:
        // var userId = principal.Claims.FirstOrDefault(c => c.Type == "sub")?.Value;        // If the token is valid, the validation process will not throw an exception.
        // So, if you reach this point, the token is valid.
        return true;
    }
    catch (Exception)
    {
        // If an exception is thrown, the token is not valid.
        return false;
    }
}

To verify the signatures

You receive PKCS7 or PKCS1 signature, depending on which method you are using.

...

To verify that the user's certificate you receive in the response is correct, you can use our intermediate certificate and the root certificateroot certificate

See list of certificates here under “Skilríki” https://repo.audkenni.is/

For Testing environment:

Intermediate certificate: https://repo.audkenni.is/Skilriki/certs/FAP2021test.cer
Root certificate: https://repo.audkenni.is/Skilriki/certs/IslandsrotTest2021.cerMore details here: https://repo.audkenni.is/Skilriki/profanir.cfm

For Production environment:

Intermediate certificate:
- Fullgilt audkenni 2021 - Valid from 09.09.2021 to 09.09.2036: https://skrar.audkenni.is/skilrikjakedjur/islandsrot/Fullgiltaudkenni2021.cer
- Fullgilt audkenni - Valid from 16.11.2017 to 16.11.2032: https://skrar.audkenni.is/skilrikjakedjur/islandsrot/older/Milliskilriki.cerMore details here: https://repo.audkenni.is/Skilriki/milliskilriki.cfm
Root certificate:
- Islandsrot 2021 - Valid from 09.09.2021 to 09.09.2051: https://skrar.audkenni.is/skilrikjakedjur/islandsrot/Islandsrot2021.cer
- Islandsrot - Valid from 02.12.2015 to 02.12.2055: https://skrar.audkenni.is/skilrikjakedjur/islandsrot/older/Islandsrot.cerMore details here: https://repo.audkenni.is/Skilriki/rotarskilriki.cfm

Versions Compared

Old Version 18

New Version Current

Key

To verify the responses

To verify the signatures