Hi!
Please refer to the prior thread you and I had on this 2 months ago.
https://www.googlecloudcommunity.com/gc/Apigee/To-fix-Generate-amp-VerifyJWTAccessToken-Policy-with-...
I provided a working example. It generates JWT-formatted access tokens, and also verifies them. The example still works. You can start from that and add in the elements you need for your purposes.
Also some further notes:
- It is only in Apigee X and hybrid that the OAuthV2 policy supports operations GenerateJWTAccessToken and VerifyJWTAccessToken. These do not work on Apigee Edge.
- (This note might save you a bunch of work.) The JWT-format access token is generally NOT something you want to use, or need to use, if you are using an Apigee gateway for both generation and verification of the token. There is no need for you to do this, normally. You should be using GenerateAccessToken and VerifyAccessToken - they work better, perform better, and are simpler to implement. Just saying "we have a standard to use JWT" is not a good enough reason to use GenerateJWTAccessToken and VerifyJWTAccessToken. Please consult with your security standards people if this is the case and persuade them that they do not need federated tokens like JWT if the issuer and validator are the same party.
Good luck!