Verify a message
Verifies the signature of a provided JWS (JSON Web Signature), validating that the payload has not been tampered with and verifying that the kid in the JWS header is the same as the iss
value in the Request Object.
One use case for verifying a JWS with a DID is when the Mobile Wallet App sends a Request Object to an OpenID Provider as part of the Authorization Code Flow (as per https://openid.net/specs/openid-connect-core-1_0-final.html#RequestObject). The Request Object is wrapped in a JWS with a signature that is generated from the Subject DID on the mobile app. Therefore verifying the JWS proves that the mobile app has access to the private key of the Subject DID.
Analytics Events
Roles
/v1/messaging/verify
In: header
Provide the JWS to verify
JWS (JSON Web Siganture) in its compact form.
Response Body
curl -X POST "https://example.vii.au01.mattr.global/v1/messaging/verify" \ -H "Content-Type: application/json" \ -d '{ "jws": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c" }'
{
"payload": "payload",
"didUrl": "did:web:organization.com#2vcj3MjR4d",
"did": "did:web:organization.com",
"verified": true,
"signerPublicJwk": {
"kty": "OKP",
"crv": "Ed25519",
"x": "oQvDM6MvUdcgRCqKGJOgteRC9U06_x7bFtY0T-MJ1rQ"
}
}
{
"code": "BadRequest",
"message": "Verification failed"
}
How would you rate this page?