Skip to main content

Overview

VerifyGrantToken verifies a grant token JWT locally using keys from the Grantex JWKS endpoint. It avoids the online token-verification endpoint, including its revocation lookup. The standalone helper fetches keys from the configured JWKS endpoint on every verification call, so that endpoint must be reachable. It does not call the online token-verification/revocation API, but it is not network-free.

Options

Hosted tokens use the canonical issuer https://grantex.dev, even though the stable JWKS URL is served from https://api.grantex.dev. The SDK handles this alias automatically.

Response (VerifiedGrant)

Scope Checking

Error Handling

Returns *grantex.TokenError for:
  • Missing or invalid JWKS URI
  • Expired tokens
  • Invalid signatures
  • Issuer or audience mismatches
  • Missing or incorrectly typed required claims (jti, sub, agt, dev, scp, iat, exp)
  • Missing required scopes
  • Malformed JWTs
Last modified on July 11, 2026