Re: Issue with Java Callout while validating the J...

chandrasekharg0 · 04-11-2019 07:41 AM

we are using Java Callout provided by https://github.com/gahana/edge-jwt-sample to validate the nested (encrypted+signed) token. The callout is working as expected when sending the requests using postman runner, but we are having an issue when we are sending conccurent requests uisng Jmeter, sometimes the callout is not validating the token, it's not throwing the error either.

dchiesa1

Maybe you should raise a ticket on that github project.

It could be an issue of thread safety.

Could you tell me more about your desire to use an encrypted token? What's the business use case?

chandrasekharg0

It is the business requirement. The client authenticates against the ping and ping provides an encrypted token to the client. When requesting for the resource, the client sends the access token to apigee, apigee validates the token, extract the claims and send the claims to backend. The claims data is private, It should not be visible to the clients.

dchiesa1

I see.

Until now the use of the encrypted token is somewhat uncommon, which is why it's not a builtin feature in Apigee Edge. (Yet?)

I am not the author of the Java callout you used in this case. I can try to pull together a different one if the problem you observe with this one cannot be addressed.

chandrasekharg0

Thanks Dino.

Issue with Java Callout while validating the JWT token