Klarna Docs - Decoding id token

Decoding id token

Consumer data is shared with integrators in a form of a JWT id token. Here is how to read that data from it.

1. Retrieve JWKS

Make an HTTP GET request to the JWKS endpoint to retrieve the public keys. The response should be a JSON object containing a keys array.

curl https://login.klarna.com/eu/lp/idp/.well-known/jwks.json 

Parse the JSON response to extract the keys, which will be in JWK (JSON Web Key) format. You might use a library in your programming environment to help with this.

3. Decode id token

Decode the id token to obtain the header, which contains the Key ID or kid, which identifies the key within the JWKS that was used to sign the token. You can use a library like jsonwebtoken in Node.js or an equivalent in your programming environment.

const jwt = require('jsonwebtoken'); 
const decodedToken = jwt.decode(id_token, { complete: true }); 
const kid = decodedToken.header.kid; 

4. Find the Signing Key

Use the kid from token's header to find the corresponding key in JWKS.

const jwk = jwks.keys.find(key => key.kid === kid); 

5. Verify the Signature

Use the public key to verify the signature of the id token. This usually requires using a library that supports JWT and the necessary cryptographic algorithms.

const publicKey = jwkToPem(jwk); // Convert JWK to PEM format 
const verifiedToken = jwt.verify(id_token, publicKey); 

6. Check content of the id token


  "billing_address": {