VerifyJWT policy steps.jwt.FailedToDecode


The JWT is generated in Okta. I have a React SPA and use the implicit flow.

Then I used Postman to send the request to the API with the token in the Authorization header.

Below is my JWT policy.

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<VerifyJWT async="false" continueOnError="false" enabled="true" name="Verify-JWT-1">
    <DisplayName>Verify JWT-1</DisplayName>
    <Algorithm>RS256</Algorithm>
    <Source>request.header.authorization</Source>
    <IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
    <PublicKey>
        <JWKS ref="Pegr_dBj6EAkez5Fg3XdC6gw1d0jUFs7Xr9ufwSAIKo"/>
    </PublicKey>
    <Subject>m.nxdsd@outlook.com</Subject>
    <Issuer>https://dev-202913.oktapreview.com/oauth2/default</Issuer>
    <Audience>api://default</Audience>
    <AdditionalClaims>
        <Claim name="groupclaim">Company.Posson.CST</Claim>
    </AdditionalClaims>
</VerifyJWT>

I tried different configurations for PublicKey Values but I am getting the below error.

{
    "fault": {
        "faultstring": "Failed to Decode Token: policy(Verify-JWT-1)",
        "detail": {
            "errorcode": "steps.jwt.FailedToDecode"
        }
    }
}

This was so straightforward to set up in Azure API Management. But my current company wants to move to APIGEE.

I think it should be straightforward.


sidd-harth
Participant V

Hi @Naseem Mohammed, I guess the issue is with,

<PublicKey>
    <JWKS ref="Pegr_dBj6EAkez5Fg3XdC6gw1d0jUFs7Xr9ufwSAIKo"/>
</PublicKey>

Use the ref attribute to pass the key in a flow variable. So before this policy, Apigee recommends using encrypted KVMs or, for testing cases, an Assign Message policy (Assign Variable).

or

<AssignMessage async="false" continueOnError="false" enabled="true" name="Assign-passphrase">
    <DisplayName>Assign-passphrase</DisplayName>
    <Properties/>
    <AssignVariable>
        <Name>publicKey</Name>
        <Value>Pegr_dBj6EAkez5Fg3XdC6gw1d0jUFs7Xr9ufwSAIKo</Value>
    </AssignVariable>
</AssignMessage>


<PublicKey>
   <Value ref="publicKey"/>
</PublicKey>

-or try below config-

<PublicKey>
    <Value>Pegr_dBj6EAkez5Fg3XdC6gw1d0jUFs7Xr9ufwSAIKo</Value>
</PublicKey>

Hi Siddharth-

I tried the AssignMessage recommendation but I am still getting the same error. I am adding a little more detail.

[Attached screenshots: 7865-apigee.png, 7862-oktaapigee.png, 7864-oktaapigee1.png, 7863-postmand.png]
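An added diagnostic for the thread above, not code from either poster or from Apigee: it decodes an Authorization header value locally, without verifying the signature, to check that it is structurally a JWT and to compare its `alg`, `iss`, `aud` and `sub` with the values in the Verify-JWT-1 policy. The function names, the `constructed-kid` value and the sample token are assumptions made for this example.

```python
import base64
import json

def _seg(obj):
    """Encode a dict as an unpadded base64url JWT segment (sample data only)."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def _json_segment(segment, label):
    """Decode one base64url segment into a JSON object, or raise ValueError."""
    try:
        padded = segment + "=" * (-len(segment) % 4)
        obj = json.loads(base64.b64decode(padded, altchars=b"-_", validate=True))
    except ValueError as exc:  # binascii.Error and JSONDecodeError are ValueErrors
        raise ValueError(f"{label} is not base64url-encoded JSON: {exc}") from None
    if not isinstance(obj, dict):
        raise ValueError(f"{label} is not a JSON object")
    return obj

def inspect_bearer(header_value, policy):
    """Return (problems, jwt_header, claims); the signature is NOT verified."""
    token = header_value.strip()
    if token.lower().startswith("bearer "):  # strip the scheme if present
        token = token[7:].strip()
    parts = token.split(".")
    if len(parts) != 3:
        return [f"expected 3 dot-separated segments, got {len(parts)}"], {}, {}
    try:
        jwt_header = _json_segment(parts[0], "header")
        claims = _json_segment(parts[1], "payload")
    except ValueError as exc:
        return [str(exc)], {}, {}
    problems = []
    if jwt_header.get("alg") != policy["alg"]:
        problems.append(f"alg {jwt_header.get('alg')!r} != {policy['alg']!r}")
    aud = claims.get("aud")  # aud may be a single string or a list of strings
    if policy["aud"] not in (aud if isinstance(aud, list) else [aud]):
        problems.append(f"aud {aud!r} does not include {policy['aud']!r}")
    for name in ("iss", "sub"):
        if claims.get(name) != policy[name]:
            problems.append(f"{name} {claims.get(name)!r} != {policy[name]!r}")
    return problems, jwt_header, claims

# Expected values copied from the Verify-JWT-1 policy in the question.
POLICY = {"alg": "RS256", "aud": "api://default", "sub": "m.nxdsd@outlook.com",
          "iss": "https://dev-202913.oktapreview.com/oauth2/default"}
# Constructed sample token: made-up kid and a placeholder signature segment.
SAMPLE = "Bearer " + ".".join([_seg({"alg": "RS256", "kid": "constructed-kid"}),
                               _seg({k: POLICY[k] for k in ("iss", "aud", "sub")}), "c2ln"])

if __name__ == "__main__":
    print(inspect_bearer(SAMPLE, POLICY))
```

The `kid` in the returned header identifies which key in the issuer's key set signed the token.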