JWT EdgeEngine Validation
The StackPath EdgeEngine
This script will only validate that the JWT provided is valid and the signature matches the Public Key exposed by your JWKS endpoint. If the JWT is considered valid, the request will continue to your site and the response is returned to the client.
This project uses yarn to manage dependencies and execute build s
cripts, please install
yarn before continuing. Once
yarn has been installed and after
you have cloned the repository, you can install the dependencies by executing the following
$ yarn install
Building the script
Before building the project, you will want to configure the project to reach out to the
correct JWKS endpoint. The endpoint the script uses to retrieve your JWKS will be injected
at build time through webpack. Set the
variable at build time to configure the endpoint that's used by the script. The
parameter should be set to the
kid value defined within the JWK that's used for signing
$ JWKS_URL="https://example.com/.well-known/jwks.json" JWKS_KID="$KID" yarn build
Once the build has completed, your script will be located in
Uploading the script
Once you have built your script, log in to the StackPath Portal and navigate to the EdgeEngine tab within your CDN site.
First, create a new script using
* as the Path option, this will force the script to be
called on every request to your CDN site. Next, copy the script contents from
and paste them into the editor within the control panel.