How to verify an Auth0 JWT in a Marketing Cloud Page

We have a requirement to do a verification of a JWT in a SFMC Cloud Page, as we have a site with Client Side JavaScript calling the cloud page and there is no security in SFMC for Cloud Pages.
I’ve managed to parse the token, but had to call another endpoint to do the verification.
Is there a way to verify the signature using the header algorithm inside SFMC?

Here is my code/logic:

Cloud Page:

    %%[
     SET @token = RequestParameter("token")
     SET @env = RequestParameter("env")
     SET @responseObjStr = ContentBlockByKey("validateToken") 
    ]%%

validateToken:

    <script runat="server">
    /*
    * This content block will perform the validation of a JWT to Auth0
    * @params token auth0 token
    * @params env Environment of token (DEV, SIT, UAT, PROD)
    * @result responseObj Status (Success/Error),Test (true for non Prod, null for Prod) PcsId,Email,Message (Only if Error Status)
    */
    Platform.Load("core", "1.1");
    /* This function pads a string with characters */
    String.prototype.padRight = function(n, pad) {
        /* Always return a string, even when no padding is needed */
        var t = String(this);
        var missing = n - t.length;
        for(var i = 0; i < missing; i++) {
            t += pad;
        }
        return t;
    }
    var token = Variable.GetValue("@token");
    var payload = token.split(".")[1];
    payload = payload.replace(/-/g,"+");
    payload = payload.replace(/_/g,"/");
    try {
        Variable.SetValue("@decodeStr",Platform.Function.Base64Decode(payload,"UTF-8"));
    } catch (e) {
        payload = payload.padRight(payload.length + (4 - payload.length % 4) % 4, '=');
        Variable.SetValue("@decodeStr",Platform.Function.Base64Decode(payload,"UTF-8"));
    }
    var status = "Error";
    var pcsid = null;
    var email = null;
    var message = null;
    var firstName = null;
    var lastName = null;
    </script>
        %%[
        SET @urlRows = LookupRows(@Auth0De,"Environment",@env)
        IF(RowCount(@urlRows) == 1) THEN
            SET @url = Field(Row(@urlRows,1),"Url")
            SET @Test = Field(Row(@urlRows,1),"TestFlag")
        ENDIF
        ]%%
    <script runat="server">
        try {
            var url = Variable.GetValue("@url");
            var tokenData = Platform.Function.ParseJSON(Variable.GetValue("@decodeStr"));
            var sub = tokenData.sub;
            if(sub != null) {
                /* The signature is not checked here: the token is passed as a Bearer token to the profile endpoint, which does the verification */
                var url = url + "/" + sub + "/profile";
                var response = HTTP.Get(url,["Accept","Authorization"],["application/json","Bearer "+ Variable.GetValue("@token")]);
                if(response.Status == 0) {
                    var jsonData = Platform.Function.ParseJSON(response.Content);
                    pcsid = jsonData.thinkId;
                    email = jsonData.username;
                    firstName = jsonData.firstName;
                    lastName = jsonData.lastName;
                    status = "Success";
                }
            } else {
                message = "Unable to get sub value";
            }
        } catch (ex) {
            message = ex.message;
        }
        var responseObj = new Object();
        responseObj.Status = status;
        responseObj.Test = Variable.GetValue("@Test");
        var userid = "-1";
        if(pcsid) {
            responseObj.PcsId = pcsid;
            userid = pcsid;
        }
        if(email) {
            responseObj.Email = email;
        }
        if(firstName) {
            responseObj.FirstName = firstName;
            responseObj.LastName = lastName;
        }
        if(message) {
            responseObj.Message = message;
        }
        Write(Stringify(responseObj));
    </script>

Answer

I’ve spoken with SF engineering and they said it’s not possible currently.
The code I’ve posted seems to handle all our scenarios, but may require tweaks for your own use cases.

Attribution
Source : Link , Question Author : Aditya Gollakota , Answer Author : Aditya Gollakota
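
For reference, the kind of check an external verification endpoint like the one mentioned in the question has to perform, as an added example in Node.js (not the poster's code, and not an SFMC or Auth0 API). It assumes RS256-signed tokens; the key pair, issuer and audience are constructed stand-ins for the tenant's published signing key and configured values, and `verifyJwt` and `makeToken` are hypothetical helper names.

```javascript
// Added example, not the poster's code: off-platform RS256 JWT verification.
const nodeCrypto = require('crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');
const fromB64url = (s) => Buffer.from(s, 'base64url'); // accepts unpadded input

// expected = { issuer, audience }: values the verifier is configured with.
function verifyJwt(token, publicKey, expected, nowSec) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  let header, claims;
  try {
    header = JSON.parse(fromB64url(parts[0]).toString('utf8'));
    claims = JSON.parse(fromB64url(parts[1]).toString('utf8'));
    if (!header || !claims) throw new Error('empty segment');
  } catch (e) {
    return { ok: false, reason: 'malformed' };
  }
  // Pin the algorithm: the header comes from the caller and must not choose it.
  if (header.alg !== 'RS256') return { ok: false, reason: 'unexpected alg' };
  const signed = Buffer.from(parts[0] + '.' + parts[1], 'ascii');
  if (!nodeCrypto.verify('RSA-SHA256', signed, publicKey, fromB64url(parts[2])))
    return { ok: false, reason: 'bad signature' };
  // Claims are only trusted once the signature check has passed.
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) return { ok: false, reason: 'expired' };
  if (claims.iss !== expected.issuer) return { ok: false, reason: 'wrong issuer' };
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (aud.indexOf(expected.audience) === -1) return { ok: false, reason: 'wrong audience' };
  return { ok: true, sub: claims.sub };
}

// Constructed fixture: a locally generated key pair stands in for the issuer's key.
const keys = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const EXPECTED = { issuer: 'https://tenant.example/', audience: 'https://api.example' };
function makeToken(header, claims, privateKey) {
  const head = b64url(JSON.stringify(header)) + '.' + b64url(JSON.stringify(claims));
  return head + '.' + b64url(nodeCrypto.sign('RSA-SHA256', Buffer.from(head, 'ascii'), privateKey));
}

const nowDemo = Math.floor(Date.now() / 1000);
const demo = makeToken({ alg: 'RS256', typ: 'JWT' },
  { sub: 'auth0|constructed', iss: EXPECTED.issuer, aud: EXPECTED.audience, exp: nowDemo + 300 },
  keys.privateKey);
console.log(verifyJwt(demo, keys.publicKey, EXPECTED, nowDemo));
```

Decoding the payload, as the content block above does, only reads the claims; the signature check is what ties them to the issuer.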
