This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

How to create plain unsecured JWT token in apigee

Posted on 01-03-2024 05:43 AM
UmangSrivastava
Bronze 3
Bronze 3
Reply posted on --/--/---- --:-- AM

How can we make unsecured JWT token where algorithm is none. I tried using inbuilt Policies but they do not accept none in algorithm fields. Is it possible to use any third party library like nimbus jose in javascript to get desired unsecured jwt token

0 2 172
Topic Labels
0 Likes
2 REPLIES 2

Posted on --/--/---- --:-- AM
API-Evangelist
Silver 5
Silver 5
Reply posted on --/--/---- --:-- AM

I would recommend consulting with your security team to discuss the decision to generate unsecured JWT tokens. In my opinion, this practice carries significant security risks and should be carefully considered.

0 Likes

Posted on --/--/---- --:-- AM
dchiesa1
Staff
Reply posted on --/--/---- --:-- AM
@UmangSrivastava wrote:

How can we make unsecured JWT token where algorithm is none. I tried using inbuilt Policies but they do not accept none in algorithm fields. Is it possible to use any third party library like nimbus jose in javascript to get desired unsecured jwt token

 

None of the builtin policies in APigee support the Algorithm of 'None' for JWT.  

It is possible for you to use 3rd-party libraries or just string concatenation to generate a JWT with alg="none".  

What reason do you have for doing this?  WHY do you want a JWT with alg=none ?