Algorithm support in JWT Policies

meghdeepbasu
Participant II

Hi,

As part of Open Banking mandates, the API providers MUST support signing and verifying JWTs with the PS256 algorithm after March 13th 2019.

Is there any plan for Apigee to support this algorithm in JWT policies by that time?

Thanks,

Meghdeep

1 ACCEPTED SOLUTION

Yes, we have a plan to deliver PS256 support, before March 13th.

EDIT: PS256 support is now available in Apigee cloud, Apigee hybrid, and OPDK 4.50

Hi Dino, any news on PS256 support?

Hi Simon. I had expected this to be released by now; the release is imminent, although I don't know exactly when it will happen.

I am also looking for PS256 support so am interested to know when it will be here.

@Dino-at-Google we are not on the new version yet. Is there a way to have a Java callout with PS256 support? (We are doing some exploration on Open Banking.)

@vinay you'll have to write out some Java code yourself and use a Java Callout if you want to use PS256. There are several libraries that you can use for this, but after trying all of them it looks like Nimbus JOSE + JWT is the one that best fits the requirements for OB.

Did you implement it? Do you have a sample to share?

I expect it will be a few more days before the release of the update that allows PS256 with the GenerateJWT policy.

For now you may be able to "explore" using RS256. The keys are the same, everything else is the same as PS256.

Which on-prem release supports PS256? Checking for options.

https://openid.net/specs/openid-financial-api-part-2-ID2.html#jws-algorithm-considerations

JWS algorithm considerations

Both clients and authorisation servers:

shall use PS256 or ES256 algorithms;
should not use algorithms that use RSASSA-PKCS1-v1_5 (e.g. RS256);
shall not use none;

The PS* algorithms are available in OPDK 4.50

I've just tested to see if PS256 support is in place on our tenancy but it still isn't working.

java.lang.IllegalArgumentException: No enum constant com.apigee.steps.jwt.common.JWTStepBeans.Algorithm.PS256

Correct. I am sorry to report that we haven't released this update yet. Soon! I can't give a better estimate of when. I had expected it to be released by now.

https://status.apigee.com/incidents/538k54by634q

sonalishyam
Participant II
@Dino-at-Google

Is this feature available now?

I've just tried it again on our tenancy and it still has the same problem.

Invalid token: policy(java.lang.IllegalArgumentException: No enum constant com.apigee.steps.jwt.common.JWTStepBeans.Algorithm.PS256)

So I don't think it has been rolled out yet.
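
An added example, not posted by anyone in this thread and not Apigee code: it illustrates the reply that RS256 and PS256 use the same keys, and the quoted FAPI rule that PS256 is required while RS256 and none are refused. It uses only Node.js's built-in crypto module; the key pair, claims and function names are constructed for the demo, and ES256 is left out to keep it to one key type.

```javascript
// Added example, not Apigee code. The key pair and claims are constructed for the demo.
const crypto = require('node:crypto');

const b64u = (v) => Buffer.from(v).toString('base64url');

// RS256 and PS256 take the same RSA key; only the signature padding differs.
const SIGN_OPTS = {
  RS256: { padding: crypto.constants.RSA_PKCS1_PADDING },
  // PS256 = RSASSA-PSS, SHA-256, salt length equal to the hash length (32 bytes).
  PS256: { padding: crypto.constants.RSA_PKCS1_PSS_PADDING, saltLength: 32 },
};

function signJwt(alg, claims, privateKey) {
  const input = `${b64u(JSON.stringify({ alg, typ: 'JWT' }))}.${b64u(JSON.stringify(claims))}`;
  const sig = alg === 'none' ? ''
    : crypto.sign('sha256', Buffer.from(input), { key: privateKey, ...SIGN_OPTS[alg] }).toString('base64url');
  return `${input}.${sig}`;
}

// The verifier decides which algorithms are acceptable; the token header never does.
function verifyJwt(token, publicKey, allowed = ['PS256']) {
  const parts = token.split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  const [h, p, s] = parts;
  let header;
  try { header = JSON.parse(Buffer.from(h, 'base64url').toString()); }
  catch { return { ok: false, reason: 'malformed' }; }
  if (!allowed.includes(header.alg) || !SIGN_OPTS[header.alg]) {
    return { ok: false, reason: `alg ${header.alg} not allowed` };
  }
  const valid = crypto.verify('sha256', Buffer.from(`${h}.${p}`),
    { key: publicKey, ...SIGN_OPTS[header.alg] }, Buffer.from(s, 'base64url'));
  if (!valid) return { ok: false, reason: 'bad signature' };
  return { ok: true, claims: JSON.parse(Buffer.from(p, 'base64url').toString()) };
}

const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const claims = { iss: 'tpp.example', aud: 'bank.example' }; // constructed sample claims

function demo() {
  return {
    ps256: verifyJwt(signJwt('PS256', claims, privateKey), publicKey),
    rs256: verifyJwt(signJwt('RS256', claims, privateKey), publicKey),
    none: verifyJwt(signJwt('none', claims, privateKey), publicKey),
  };
}
console.log(demo());
```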