Summary
Implement validation of incoming JWT tokens received from Montonio on payment return or webhook callback.
Requirements
- Parse and validate JWT tokens from Montonio callbacks
- Verify HS256 signature using the merchant's secret key
- Verify token expiration
- Verify merchant identity (access key claim)
- Extract structured payment result: status, order UUID, merchant reference, payment provider name, sender details
- Return typed errors on validation failure (expired, bad signature, wrong merchant, malformed)
- Support multi-merchant — select correct secret key based on token claims
Refs
initial-docs/project1.md — validate return/webhook token, verify signature/expiration/merchant/reference
initial-docs/project2.md — parse webhook JWT into structured order result
Testing
Unit tests covering: valid token parsing, expired token rejection, invalid signature rejection, wrong merchant rejection, malformed token handling, multi-merchant key selection. Target near-perfect coverage.
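An added sketch of the checks listed under Requirements, using only the Python standard library; it is not code from this project. The `accessKey` claim name, the constructed keys in `SECRETS` and the `sign` helper (used only to build sample tokens) are assumptions made for the example.

```python
import base64, hashlib, hmac, json, time

class TokenError(Exception): """Base class so callers can catch any validation failure."""
class MalformedToken(TokenError): pass
class BadSignature(TokenError): pass
class ExpiredToken(TokenError): pass
class WrongMerchant(TokenError): pass

# Constructed sample data: access key -> secret key, one entry per merchant.
SECRETS = {"ak_shop_a": "secret-a", "ak_shop_b": "secret-b"}

def b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign(claims: dict, secret: str) -> str:
    """Build an HS256 token; here only to construct sample input."""
    head = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    mac = hmac.new(secret.encode(), f"{head}.{body}".encode(), hashlib.sha256)
    return f"{head}.{body}.{b64url_encode(mac.digest())}"

def validate(token: str, secrets: dict, now=None) -> dict:
    """Return the verified claims or raise a TokenError subclass."""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head_b64))
        claims = json.loads(b64url_decode(body_b64))
        sig = b64url_decode(sig_b64)
        # Pin the algorithm: the token must not choose "none" or another alg.
        if header.get("alg") != "HS256" or not isinstance(claims, dict):
            raise ValueError("unexpected header or payload")
    except (ValueError, AttributeError, TypeError) as exc:
        raise MalformedToken(str(exc)) from exc
    # The claim is still untrusted here; it only selects which key to test.
    key = claims.get("accessKey")
    secret = secrets.get(key) if isinstance(key, str) else None
    if secret is None:
        raise WrongMerchant("unknown access key")
    signed = f"{head_b64}.{body_b64}".encode()
    expected = hmac.new(secret.encode(), signed, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        raise BadSignature("signature mismatch")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= (time.time() if now is None else now):
        raise ExpiredToken("token expired or exp missing")
    return claims
```

A token that names one merchant's access key but was signed with another merchant's secret fails as `BadSignature`, because the claim only picks the key and the HMAC check decides.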