Hi,
Im trying to follow Anil Rupanagudi's tutorial on how to generate a JWT token. I cant seem to get it to work however. When I try to run a post request against it i just get the body response from the back end but the JWT token doesn't appear in the response header.
PreFlow
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <ProxyEndpoint name="default"> <Description/> <FaultRules/> <PreFlow name="PreFlow"> <Request/> <Response> <Step> <Name>Assign-Message-1</Name> </Step> <Step> <Name>Generate-JWT-1</Name> </Step> <Step> <Name>Assign-Message-2</Name> </Step> </Response> </PreFlow> <PostFlow name="PostFlow"> <Request/> <Response/> </PostFlow> <Flows/> <HTTPProxyConnection> <BasePath>/generatejwt</BasePath> <Properties/> <VirtualHost>default</VirtualHost> <VirtualHost>secure</VirtualHost> </HTTPProxyConnection> <RouteRule name="default"> <TargetEndpoint>default</TargetEndpoint> </RouteRule></ProxyEndpoint>
Generate JWT-1
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <GenerateJWT async="false" continueOnError="false" enabled="true" name="Generate-JWT-1"> <DisplayName>Generate JWT-1</DisplayName> <Algorithm>HS256</Algorithm> <SecretKey> <Value ref="private.key"/> </SecretKey> <Subject>subject-subject</Subject> <Issuer>urn://apigee-edge-JWT-policy-test</Issuer> <Audience>audience1,audience2</Audience> <ExpiresIn>8h</ExpiresIn> <AdditionalClaims> <Claim name="userId" type="string" ref="request.formparam.username/"/> </AdditionalClaims> <OutputVariable>jwt-variable</OutputVariable> </GenerateJWT>
Assign Message 1
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <AssignMessage async="false" continueOnError="false" enabled="true" name="Assign-Message-1"> <DisplayName>Assign Message-1</DisplayName> <Properties/> <AssignVariable> <Name>private.key</Name> <Value>Secret123</Value> </AssignVariable> <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables> <AssignTo createNew="false" transport="http" type="response"/> </AssignMessage>
Assign Message 2 (Header response)
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <AssignMessage async="false" continueOnError="false" enabled="true" name="Assign-Message-2"> <DisplayName>Assign Message-2</DisplayName> <Add> <Headers> <Header name="jwt-token">{jwt-variable}</Header> </Headers> </Add> <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables> <AssignTo createNew="false" transport="http" type="response"/> </AssignMessage>
Back end: https://reqres.in
When I run the post request in post man I get the following headers:
Date →Wed, 09 Jan 2019 16:47:05 GMT
Content-Type →text/html; charset=utf-8
Set-Cookie →__cfduid=d2a2327127fd1c17003d34208d1fbba9c1547052425; expires=Thu, 09-Jan-20 16:47:05 GMT; path=/; domain=.reqres.in; HttpOnly
X-Powered-By →Express
Access-Control-Allow-Origin →*
Expect-CT →max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" Server →cloudflare
CF-RAY →4968623a4a65c566-ORD
Content-Encoding →gzip
X-Cache →MISS from mE0CBBC07437D
X-Cache-Lookup →MISS from mE0CBBC07437D:3128
Via →1.1 mE0CBBC07437D (squid/3.5.23)]
Connection →close
Appreciate any insight, thank you.
Solved! Go to Solution.
I suggest that you:
After further investigation I can see that the request returns a 404 as well, so Im not sure why its not being found
I suggest that you:
Thanks Dino, I tried it without a back end and with underscored and I was able to generate a token. It puts me in a good position to progress.
Great! Glad to hear it.
I think it would be good for Apigee to validate and reject variable names with dashes or other invalid characters, on import or save, but ... for now the tool does not do that.