The JWT Access Token

The REST call returns the JWT embedded inside a JSON object.

The tokens are shortened to save space:

{
 "access_token": "eyJhbG...",
 "expires_in": "1200",
 "id_token": "eyJhbG...",
 "state": "0",
 "token_type": "Bearer"
}

We are interested in the first two key/value pairs, access_token and expires_in. The JWT itself is stored in access_token and expires_in tells us how many seconds until this JWT is no longer valid.

We will need to parse the JSON to get these two items. For example, let's say the above JSON was in the variable restData.

In JavaScript you'd parse the JSON like this:

var obj = JSON.parse(restData);
var token = obj.access_token;
var expString = obj.expires_in;
var expires = Number(expString);

In Swift on iOS you would parse the JSON like this:

let json = JSONSerialization.jsonObject(with: restData, options: []) as? [String: Any]
let token = json?["access_token"] as? String
let expString = json?["expires_in"] as? String
let expires = Double(expString)

Note: expires_in is provided as a string so we need to convert it to a number.

If you look at the JWT inside access_token it may appear to be random text, but it actually has a defined structure. The data is Base64Url encoded and includes an RSASHA256 signature. The payload of a Live Experience JWT looks like this:

{
 "aud": "LiveExperienceDemo1",
 "iss": "auth162442238d0m",
 "exp": 1523983737,
 "server_version": "18.3.1",
 "iat": 1523982537,
 "nonce": "26741",
 "tenant_role": [
 "guest"
 ],
 "username": "1fntfqg6k45nh4o8t3rt"
}

You don't need to do anything with what's inside the JWT. We just pass it as is to the Live Experience SDK. For example, in iOS: Controller.shared.service.authToken = token.