I have added a policy for JWT verification with the help of key value maps and is working fine in eval version of APIGEE
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <VerifyJWT async="false" continueOnError="false" enabled="true" name="auth0-token-verify"> <DisplayName>auth0-token-verify</DisplayName> <Algorithm>RS256</Algorithm> <PublicKey> <JWKS uri="https://thanos.auth0.com/.well-known/jwks.json"/> </PublicKey> <Issuer>https://thanos.auth0.com/</Issuer> <Audience ref="var_auth0_jwt_audience"/> </VerifyJWT>
But when i used same bundle in the apigee licensed version, it started throwing error:
"code" : "steps.jwt.EmptyElementForKeyConfiguration", "message" : "Empty Element for Key Configuration : policy(auth0-token-verify) element(PublicKey/JWKS)",
The bundle works fine in licensed version if I remove the JWT policy above. Any thoughts on the same @Dino-at-Google @Dino
the apigee version where we are getting error is 19.01
This error says the jwks.json issue. Either it's not accessible or its returning empty.
<JWKS uri="https://thanos.auth0.com/.well-known/jwks.json"/>
If it is not able to get, you can have the JSON body in your KVM and extract inside proxy and use as reference for the JWKS
I have tested on the same. The JWKS uri is publicly accessible . Also this was working in eval version
is it saas or onprem version of apigee ?
You may be experiencing a bug in the VerifyJWT policy.
Check this Q&A for a similar issue, and a suggested workaround.
The fix for that problem is rolling out into production. The eval organizations get the fixes first., which would explain the difference in behavior you observed.
User | Count |
---|---|
1 | |
1 | |
1 | |
1 | |
1 |