Hi guys,
I have an issue as I wrote in the title regarding the VerifyJWT policy.
I'm trying to validate the external JWT provided by Keycloak but I'm receiving this error message:
Invalid JWS header: Invalid JSON: Unexpected token �z��&�r#�%%3#Sb"�'G�"�$�uB"�&��B"�%�C�wu7����ƦDD$��5CEw��tW��Ĥ�FuV6EFr' at position 84.
I'm using the following policy (extracted):
<DisplayName>Keycloak-Verify-JWT</DisplayName>
<Algorithm>RS256</Algorithm>
<Source>request.header.authorization</Source>
<PublicKey>
    <Value ref="public.jwt"/>
</PublicKey>
<IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
public.jwt = public key provided by keycloak v10.0.0
I also tried the validation step in jwt.io and it's ok.
EDIT1: The DecodeJWT policy also fails for the same reason. I've checked the token format and it seems correct:
header.payload.signature
Hey, I found the solution and I want to share it here in case someone has the same problem.
The issue I experienced was triggered by the presence of the word "Bearer" inside the Authorization header.
I added an ExtractVariables policy with this piece of code:
<ExtractVariables name="Extract-Variables-1">
    <DisplayName>Extract Variables-1</DisplayName>
    <Properties/>
    <Header name="Authorization">
        <Pattern ignoreCase="false">Bearer {private.jwt}</Pattern>
    </Header>
    <Source clearPayload="false">request</Source>
</ExtractVariables>
Thanks for the answer.
Another way to avoid the problem is to eliminate the Source element completely.
If there is no Source element, then the VerifyJWT policy extracts the JWT from the Authorization header (stripping the Bearer prefix) for you.
I'm sorry if this was not clear from the documentation.
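The root cause described in both answers above (the "Bearer " prefix corrupting the first JWS segment, and the fix of stripping it before verification), shown as an added Python example; this is not Apigee's code or part of the original thread. The token, the issuer URL and the helper names are constructed for illustration.

```python
import base64
import json
import re

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

# Constructed sample token (NOT a real Keycloak token): RS256 header, small
# payload, dummy signature bytes. The header segment starts with "eyJ".
SAMPLE_JWT = ".".join([
    b64url_encode(b'{"alg":"RS256","typ":"JWT"}'),
    b64url_encode(b'{"sub":"alice","iss":"https://keycloak.example/realms/demo"}'),
    b64url_encode(b"dummy-signature-bytes"),
])
SAMPLE_AUTH_HEADER = "Bearer " + SAMPLE_JWT

def b64url_decode(segment: str) -> bytes:
    # JWS segments are unpadded base64url; a space or any other character
    # outside the alphabet (e.g. from "Bearer ") is rejected, not skipped.
    if not re.fullmatch(r"[A-Za-z0-9_-]*", segment):
        raise ValueError("segment contains non-base64url characters")
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def decode_jws_header(compact: str) -> dict:
    """Decode the JOSE header of a compact JWS, as DecodeJWT/VerifyJWT must
    before any signature check. Raises ValueError on a malformed header."""
    parts = compact.split(".")
    if len(parts) != 3:
        raise ValueError(f"expected header.payload.signature, got {len(parts)} segments")
    try:
        return json.loads(b64url_decode(parts[0]).decode("utf-8"))
    except (ValueError, UnicodeDecodeError) as exc:
        raise ValueError(f"Invalid JWS header: {exc}") from exc

def strip_bearer(header_value: str) -> str:
    """Equivalent of the ExtractVariables pattern 'Bearer {private.jwt}'
    with ignoreCase="false": only the exact prefix 'Bearer ' is removed."""
    prefix = "Bearer "
    if not header_value.startswith(prefix):
        raise ValueError("Authorization header does not carry a Bearer token")
    return header_value[len(prefix):]

def header_is_parseable(value: str) -> bool:
    try:
        decode_jws_header(value)
        return True
    except ValueError:
        return False
```

Feeding the raw Authorization header value (with the prefix) fails exactly where the policy failed, the header segment; the stripped token decodes cleanly.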
Thanks for the explanation, now it's clear.