JWT Token Validation with Wasm Functions

• Prerequisites

In this tutorial, we demonstrate how to offload JWT token validation to a Spin App running on Fermyon Wasm Functions. We’ll take clients request tokens from an OAuth 2.0/OpenID-compliant Identity Provider and then send them as an Authorization header to an EdgeWorker. The EdgeWorker forwards the token to the Spin App for validation, which returns a 200 HTTP status for valid tokens or a 401 for invalid ones, with detailed feedback. This process happens early in the EdgeWorker’s onClientRequest phase, ensuring fast and efficient validation thanks to the Spin applications running on Fermyon Wasm Functions. Let’s take a look at how this works in action!

Remaining coming soon! Meantime visit the JWT Validation example in GitHub