ColdBox Security Module
Search…
v2.x
Introduction
Intro
Release History
About This Book
Author
Getting Started
Installation
Overview
Configuration
Usage
Authentication Services
Security Rules
Security Annotations
Secured URL
Interceptions
cbSecurity Model
Cross Site Request Forgery
Security Validators
CBAuth Validator
CFML Security Validator
Custom Validator
JWT
JWT Services
JWT Validator
Refresh Tokens
Token Storage
JWT Interceptions
External links
Source code
Issue Tracker
cbauth
cbcsrf
JWT CFML
Powered By GitBook
JWT Interceptions
The JWT Services will announce some key events for you to listen to
  • cbSecurity_onJWTCreation - Whenever a new token is generated for a user
  • cbSecurity_onJWTInvalidation - Whenever an invalidation occurs for a token
  • cbSecurity_onJWTValidAuthentication - Whenever a valid JWT token is parsed, tested and authenticated with the authentication services
  • cbSecurity_onJWTInvalidUser - When trying to find the token's subject and the user service returns null or not a valid user
  • cbSecurity_onJWTInvalidClaims - When the parsed token does not adhere to the required claims
  • cbSecurity_onJWTExpiration - When the parsed token has expired
  • cbSecurity_onJWTStorageRejection - When the parsed token is valid but cannot be found in the permanent storage
  • cbSecurity_onJWTValidParsing - When the parsed token has passed all validation procedures but has NOT been authenticated yet.

cbSecurity_onJWTCreation

This event has the following data in the interceptData struct
Key
Description
token
The JWT token
payload
The payload that was used to create it
user
The user it belongs to

cbSecurity_onJWTInvalidation

This event has the following data in the interceptData struct
Key
Description
token
The JWT token that was invalidated

cbSecurity_onJWTValidAuthentication

This event has the following data in the interceptData struct
Key
Description
token
The JWT token that was parsed
payload
The payload that was decoded
user
The authenticated user

cbSecurity_onJWTInvalidUser

This event has the following data in the interceptData struct
Key
Description
token
The JWT token that was parsed
payload
The JWT payload that was parsed

cbSecurity_onJWTInvalidClaims

This event has the following data in the interceptData struct
Key
Description
token
The JWT token that was parsed
payload
The JWT payload that was parsed

cbSecurity_onJWTExpiration

This event has the following data in the interceptData struct
Key
Description
token
The JWT token that was parsed
payload
The JWT payload that was parsed

cbSecurity_onJWTStorageRejection

This event has the following data in the interceptData struct
Key
Description
token
The JWT token that was parsed
payload
The JWT payload that was parsed

cbSecurity_onJWTValidParsing

This event has the following data in the interceptData struct
Key
Description
token
The JWT token that was parsed
payload
The JWT payload that was parsed

Example

interceptors/SecurityAudit.cfc
component extends="coldbox.system.Interceptor"{
​
function cbSecurity_onJWTCreation( event, interceptData ){
// do what you like here
}
​
}
JWT - Previous
Token Storage
Last modified 2yr ago
Copy link
Edit on GitHub
Outline
cbSecurity_onJWTCreation
cbSecurity_onJWTInvalidation
cbSecurity_onJWTValidAuthentication
cbSecurity_onJWTInvalidUser
cbSecurity_onJWTInvalidClaims
cbSecurity_onJWTExpiration
cbSecurity_onJWTStorageRejection
cbSecurity_onJWTValidParsing
Example