Hey folks,
I’m trying to validate the access token we get back from the Genesys Cloud implicit grant flow in our React app. We’re using this token to fetch WFM adherence data via a backend service, but I want to verify it’s still valid on the client side before making the call.
I’ve been using the jwt-decode library to parse the payload, but I’m not sure how to verify the signature or check the exp claim properly. Here’s what I’ve got so far:
import { jwtDecode } from 'jwt-decode';
const validateToken = (token) => {
try {
const decoded = jwtDecode(token);
if (decoded.exp * 1000 < Date.now()) {
return false; // Token expired
}
return true;
} catch (e) {
return false;
}
};
The issue is that jwt-decode doesn’t verify the signature. I know I should be checking against the public keys from https://api.mypurecloud.com/api/v2/authorization/keys, but I’m not sure how to implement that in the browser. Do I need to fetch those keys every time? Also, is there a better way to handle this than rolling my own validation?
I’m seeing some intermittent errors where the token seems valid but the API still returns a 401. Not sure if it’s a clock skew issue or something else.