Is there any way to verify JWT signature at Apigee without using VerifyJWT Policy?

Hi Guys,

Is there any way to verify a JWT token's signature at APIGEE without using the VerifyJWT policy/JAR files? We have already decoded the header and payload through JavaScript, but now we want to validate the signature of the JWT token in APIGEE. We have used the code in JavaScript to decode the header and payload, but we are not able to decode the signature with this code. Our main aim is to verify whether the JWT is coming from the correct external token provider.

Regards Saransh Tiwari

1 ACCEPTED SOLUTION

Yes, you can verify JWT signatures using JavaScript or nodejs with the npm module. For example, you can use jsrsasign. Whether you use the JS callout or a nodejs target, in either case it will be much slower.

Why not just use the builtin VerifyJWT policy?

There is also the DecodeJWT policy.

For a discussion of the difference between these, and when to use each, see here.

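For the Node.js route mentioned in the answer, here is what an RS256 signature check involves. This is an added example, not code from the original thread or from Apigee; it uses Node's built-in `crypto` module instead of jsrsasign so it runs without dependencies. The function names, the issuer URL used when calling it, and the throwaway key pair are assumptions made for the illustration.

```javascript
const crypto = require('crypto');

const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const dec = (seg) => JSON.parse(Buffer.from(seg, 'base64url').toString('utf8'));

// Verify an RS256 JWT against the token provider's public key.
// expectedIssuer and nowSec are parameters of this example, not Apigee settings.
function verifyJwt(token, publicKey, expectedIssuer, nowSec) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  let header, claims;
  try {
    header = dec(parts[0]);
    claims = dec(parts[1]);
  } catch (e) {
    return { ok: false, reason: 'malformed' };
  }
  if (!header || !claims) return { ok: false, reason: 'malformed' };
  // Pin the algorithm: never let the token's own header choose it.
  if (header.alg !== 'RS256') return { ok: false, reason: 'unexpected alg' };
  // The signature covers the exact bytes "<header>.<payload>" as received.
  const signed = Buffer.from(parts[0] + '.' + parts[1], 'ascii');
  const sig = Buffer.from(parts[2], 'base64url');
  if (!crypto.verify('RSA-SHA256', signed, publicKey, sig)) {
    return { ok: false, reason: 'bad signature' };
  }
  // Only act on claims after the signature check has passed.
  if (claims.iss !== expectedIssuer) return { ok: false, reason: 'wrong issuer' };
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) {
    return { ok: false, reason: 'expired' };
  }
  return { ok: true, claims };
}

// Constructed demo data: a throwaway key pair standing in for the provider's.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// Demo-only signer so the example has a token to verify.
function signDemoToken(claims, header = { alg: 'RS256', typ: 'JWT' }) {
  const input = enc(header) + '.' + enc(claims);
  const sig = crypto.sign('RSA-SHA256', Buffer.from(input, 'ascii'), privateKey);
  return input + '.' + sig.toString('base64url');
}
```

Decoding the third segment on its own yields only raw signature bytes; the check is the `crypto.verify` call over the first two segments with the provider's public key.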

2 REPLIES

@Dino - Please Help!
