The JWT is generated in Okta. I have a React SPA and use the implicit flow.
Then I used Postman to send the request to the API with the token in the Authorization header.
Below is my JWT policy.
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<VerifyJWT async="false" continueOnError="false" enabled="true" name="Verify-JWT-1">
  <DisplayName>Verify JWT-1</DisplayName>
  <Algorithm>RS256</Algorithm>
  <Source>request.header.authorization</Source>
  <IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
  <PublicKey>
    <JWKS ref="Pegr_dBj6EAkez5Fg3XdC6gw1d0jUFs7Xr9ufwSAIKo"/>
  </PublicKey>
  <Subject>m.nxdsd@outlook.com</Subject>
  <Issuer>https://dev-202913.oktapreview.com/oauth2/default</Issuer>
  <Audience>api://default</Audience>
  <AdditionalClaims>
    <Claim name="groupclaim">Company.Posson.CST</Claim>
  </AdditionalClaims>
</VerifyJWT>
I tried different configurations for the PublicKey values, but I am getting the error below.
{ "fault": { "faultstring": "Failed to Decode Token: policy(Verify-JWT-1)", "detail": { "errorcode": "steps.jwt.FailedToDecode" } } }
This was so straightforward to set up in Azure API Management. But my current company wants to move to APIGEE.
I think it should be straightforward.
Hi @Naseem Mohammed, I guess the issue is with,
<PublicKey>
  <JWKS ref="Pegr_dBj6EAkez5Fg3XdC6gw1d0jUFs7Xr9ufwSAIKo"/>
</PublicKey>
Use the ref attribute to pass the key in a flow variable. So before this policy, Apigee recommends using encrypted KVMs or, for testing cases, using an Assign Message policy (Assign Variable).
or
<AssignMessage async="false" continueOnError="false" enabled="true" name="Assign-passphrase">
  <DisplayName>Assign-passphrase</DisplayName>
  <Properties/>
  <AssignVariable>
    <Name>publicKey</Name>
    <Value>Pegr_dBj6EAkez5Fg3XdC6gw1d0jUFs7Xr9ufwSAIKo</Value>
  </AssignVariable>
</AssignMessage>

<PublicKey>
  <Value ref="publicKey"/>
</PublicKey>

-or try below config-

<PublicKey>
  <Value>Pegr_dBj6EAkez5Fg3XdC6gw1d0jUFs7Xr9ufwSAIKo</Value>
</PublicKey>
Hi Siddharth-
I tried the AssignMessage recommendation but I am still getting the same error. I am adding a little more detail.
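An added example, not part of the original thread and not Apigee code: a local check that decodes the Authorization header value without verifying the signature and compares the token's alg, iss and aud with the Algorithm, Issuer and Audience from the Verify-JWT-1 policy above, printing the header's kid for comparison with the key configuration. The sample token, its kid and the helper names are constructed for illustration.

```python
import base64
import json

# Expected values copied from the Verify-JWT-1 policy in this thread.
POLICY = {"alg": "RS256",
          "iss": "https://dev-202913.oktapreview.com/oauth2/default",
          "aud": "api://default"}

def b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def inspect_jwt(header_value):
    """Return (header, claims, problems) for an Authorization header value."""
    token = header_value.strip()
    if token.lower().startswith("bearer "):
        token = token[7:].strip()          # keep only the compact JWT
    parts = token.split(".")
    if len(parts) != 3:
        return None, None, ["expected 3 dot-separated segments, got %d" % len(parts)]
    try:
        header = json.loads(b64url_decode(parts[0]))
        claims = json.loads(b64url_decode(parts[1]))
    except ValueError as exc:              # bad base64, bad UTF-8 or bad JSON
        return None, None, ["segment is not base64url-encoded JSON: %s" % exc]
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return None, None, ["header and payload must be JSON objects"]
    problems = []
    if header.get("alg") != POLICY["alg"]:
        problems.append("alg is %r, policy expects %r" % (header.get("alg"), POLICY["alg"]))
    for name in ("iss", "aud"):
        value = claims.get(name)
        values = value if isinstance(value, list) else [value]  # aud may be a list
        if POLICY[name] not in values:
            problems.append("%s is %r, policy expects %r" % (name, value, POLICY[name]))
    return header, claims, problems

def make_sample(alg="RS256"):
    # Constructed sample token: hypothetical kid, dummy signature segment.
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": alg, "kid": "example-kid"}),
                     enc({"iss": POLICY["iss"], "aud": POLICY["aud"]}), "c2ln"])

if __name__ == "__main__":
    header, claims, problems = inspect_jwt("Bearer " + make_sample())
    print("kid:", header["kid"], "problems:", problems)
```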