Authenticated

Wrapper around an authenticated YAXI service response carried as a JWT.

Service results are signed with the same secret key your backend uses to mint tickets. Signature verification is intentionally NOT performed client-side because the secret never leaves your backend. Two paths:

  • Client-only display. Calling decodeUnverified is acceptable when the decoded data is only used inside this client process (for example, rendered in a UI) and never leaves it.

  • Anything else. The client process must NOT decode and forward the values to a backend, persist them, or act on them in a security-sensitive way. Forward the raw jwt string to a backend that holds your YAXI API secret, have the backend verify the JWT signature and the ticket id, and only then act on the verified payload.

Treat the output of decodeUnverified as untrusted user input the moment it leaves this process. See Verify results for backend verification snippets.
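The backend side of the second path, as an added example in Python (not YAXI's own code and not the snippets from Verify results). It assumes HS256 signing with the API secret used directly as the HMAC key and a hypothetical `ticketId` claim name; only the `data` claim name comes from this page, and the token and secret are constructed for the demo.

```python
import base64
import hashlib
import hmac
import json

TICKET_ID_CLAIM = "ticketId"  # assumption: hypothetical claim name, not from the page


def b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def verify_result(jwt: str, secret: bytes, expected_ticket_id: str):
    """Return the verified `data` claim; raise ValueError on any failure."""
    try:
        header_b64, payload_b64, sig_b64 = jwt.split(".")
        header = json.loads(b64url_decode(header_b64))
        signature = b64url_decode(sig_b64)
    except ValueError as exc:
        raise ValueError("malformed JWT") from exc
    # Pin the algorithm (assumed HS256) instead of trusting the header's choice.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    signed = f"{header_b64}.{payload_b64}".encode()
    expected = hmac.new(secret, signed, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):  # constant-time compare
        raise ValueError("bad signature")
    # Parse the payload only after the signature has checked out.
    payload = json.loads(b64url_decode(payload_b64))
    if payload.get(TICKET_ID_CLAIM) != expected_ticket_id:
        raise ValueError("ticket id mismatch")
    return payload["data"]


def make_sample_jwt(secret: bytes, payload: dict, alg: str = "HS256") -> str:
    """Constructed test token; stands in for a real service response."""
    head = b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(payload).encode())
    sig = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url_encode(sig)}"


if __name__ == "__main__":
    key = b"constructed-demo-secret"
    token = make_sample_jwt(key, {TICKET_ID_CLAIM: "t-123", "data": {"ok": True}})
    print(verify_result(token, key, "t-123"))
```

The expected ticket id must come from the backend's own record of the ticket it minted, not from anything the client sends alongside the JWT.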

Properties

val jwt: String

The original JWT string. Forward to a backend that holds your YAXI API secret (the same key used to mint tickets); verify the signature there and act on the verified payload server-side.

Functions

Decode the JWT body's data claim into T without verifying the signature.