Hi Guys,
Is there anyway to verfiy JWT token's signature at APIGEE without using VerifyJWT policy/JAR files? We have already decoded header and payload through javascript but now we want to validate the signature of JWT token in APIGEE. We have used the code in javascript to decode header and payload but we are not able to decode signature with this code. Our main aim is to verify whether JWT is coming from correct external token provider.
Regards Saransh Tiwari
Solved! Go to Solution.
Yes, you can verify JWT signatures using JavaScript or nodejs with the npm module. For example you can use jsrsasign. Whether you use the JS callout or a nodejs target, In either case, it will be much slower.
Why not just use the builtin VerifyJWT policy?
There is also the DecodeJWT policy.
For a discussion of the difference between these, and when to use each, see here.
@Dino - Please Help!
Yes, you can verify JWT signatures using JavaScript or nodejs with the npm module. For example you can use jsrsasign. Whether you use the JS callout or a nodejs target, In either case, it will be much slower.
Why not just use the builtin VerifyJWT policy?
There is also the DecodeJWT policy.
For a discussion of the difference between these, and when to use each, see here.
User | Count |
---|---|
7 | |
2 | |
2 | |
2 | |
1 |