JWT validation is done in TDGSS during connection establishment. TDGSS gets the JWT token and validates its signature.
JWT (more precisely compact JWS) consists of three parts: header, payload, and signature. The payload contains a set of claims in a JSON object. The Issuer (“iss”) claim identifies the URI of the identity provider that issued the JWT.
There are two validation cases:
- Local Validation: TDGSS receives the JWT minted by an internal Central IdP.
- Validation by Token Exchange: TDGSS receives the JWT minted by an external IdP.