unable to generate jwt

I'm not able to generate a JWT, and it's throwing a 404 Not Found error. Here are the spec and policies that I have configured. Please let me know if there is anything wrong in the configuration.

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<AssignMessage async="false" continueOnError="false" enabled="true" name="Assign-Message-2">
    <DisplayName>Assign Message-2</DisplayName>
    <Properties/>
    <Copy source="request">
        <Headers/>
        <QueryParams/>
        <FormParams/>
        <Payload/>
        <Verb/>
        <StatusCode/>
        <ReasonPhrase/>
        <Path/>
    </Copy>
    <Remove>
        <Headers>
            <Header name="jwt-token"> {jwt-variable}</Header>
        </Headers>
        <QueryParams>
            <QueryParam name="q1"/>
        </QueryParams>
        <FormParams>
            <FormParam name="f1"/>
        </FormParams>
        <Payload/>
    </Remove>
    <Add>
        <Headers/>
        <QueryParams/>
        <FormParams/>
    </Add>
    <Set>
        <Headers/>
        <QueryParams/>
        <FormParams/>
        <!-- <Verb>GET</Verb> -->
        <Path/>
    </Set>
    <AssignVariable>
        <Name>name</Name>
        <Value/>
        <Ref/>
    </AssignVariable>
    <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
    <AssignTo createNew="false" transport="http" type="response"/>
</AssignMessage>

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<AssignMessage async="false" continueOnError="false" enabled="true" name="Assign-Message-1">
    <DisplayName>Assign Message-1</DisplayName>
    <AssignVariable>
        <Name>private.key</Name>
        <Value> secret123</Value>
    </AssignVariable>
    <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
    <AssignTo createNew="false" transport="http" type="response"/>
</AssignMessage>

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<GenerateJWT async="false" continueOnError="false" enabled="true" name="Generate-JWT-1">
    <DisplayName>Generate JWT-1</DisplayName>
    <Algorithm>HS256</Algorithm>
    <SecretKey>
        <Value ref="private.key"/>
    </SecretKey>
    <Subject>subject-subject</Subject>
    <Issuer>urn://apigee-edge-JWT-policy-test</Issuer>
    <Audience>audience1,audience2</Audience>
    <ExpiresIn>8h</ExpiresIn>
    <AdditionalClaims>
        <Claim name="additional-claim-name" type="string">additional-claim-value-goes-here</Claim>
    </AdditionalClaims>
    <OutputVariable>jwt-variable</OutputVariable>
</GenerateJWT>

# Example YAML to get you started quickly.
# Be aware that YAML has indentation based scoping.
# Code completion support is available so start typing for available options.
swagger: '2.0'

# This is your document metadata
info:
  version: "0.0.1"
  title: Example Title
  description: |
    A brief description of the API.
    It can be multiple lines.

host:
  people.apigee.io

schemes:
  - https
  - http

# Describe your paths here
paths:
  # This is a path endpoint. Change it.
  /generate_jwt:
    get:
      summary: generates a jwt
      description: generates a jwt
      responses:
        200:
          description: OK
  /verify_jwt:
    get:
      summary: verify the jwt
      description: verify the jwt
      responses:
        200:
          description: OK


sidd-harth
Participant V

I don't see any issues in the policies. Can you also post the exact 404 error you are getting?

Also, attach your proxy bundle zip here for inspection.

Check this doc to download a proxy bundle,

https://docs.apigee.com/api-platform/fundamentals/download-api-proxies

@Siddharth Barahalikar,

Thanks for looking into this. Attached is the bundle that you've requested.

reallydo-rev2-2019-03-14.zip

sidd-harth
Participant V

Thanks for the proxy.

You have added the Generate JWT policy on the response side and are also using an HTTPTargetEndpoint (https://mocktarget.apigee.net/).

When you make a call, Apigee will make a call to https://mocktarget.apigee.net/generate_jwt

In Mocktarget Endpoint there is no generate_jwt resource and hence you are getting 404 Not Found.

If your goal is to only generate JWT/OAuth token in Apigee, there is no need for TargetEndpoint. So you can use NoTarget option.

I have updated and uploaded a proxy, check that.

I have moved the JWT Generate policy to the request side and also added an Assign Message policy to simply display the JWT as the final payload.

8323-reallydo-rev2-2019-03-14-rev2-2019-03-14.zip

Thanks a lot. Also if I want to verify the jwt, should I add the policy at the request or response side?

When a call is made to Apigee, all the policies on Request flow are validated, and then it hits the TargetEndpoint. After we get the response from the target, the Response flow policies will be executed.

Verifying/Generating Tokens should be done before we hit the Target, so it is recommended to use these policies on the request side.

Also, we've configured the jwt to show up in the http headers. Why does it show up in the html body?

<Header name="jwt-token"> {jwt-variable}</Header>

Your AssignMessage policy... doesn't look quite right.

I don't know what you mean by

we've configured the jwt to show up in the http headers.

The AssignMessage policy you showed mentions a Header named "jwt-token". But it is under the REMOVE element. The effect of this is ... to REMOVE a header named "jwt-token" if it appears in the ambient message (either request or response, depending on where you attach that AssignMessage). I think... that doesn't make sense. In fact I don't understand your goal in using that AssignMessage policy. What is the point of that?

The way to send a JWT into Apigee Edge is to ... send it from the client.

The VerifyJWT policy will *automatically* retrieve the JWT from the Authorization header if you send the JWT in this form:

	Authorization: Bearer $JWT

If you do not wish to send the JWT to Apigee Edge in that place, then you can send it from the client in another header, or in the payload, or... some other way. Then, you can tell the VerifyJWT policy the Source of the JWT, by specifying the Source element to that policy. The Source element takes a Variable name. This is all documented.

You say you "want to verify the JWT". Which party sends the JWT? Where does it come from? If you can tell us that we might be able to help you more.
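
The two points in the answer above, as added example policies (not taken from the poster's bundle or from the uploaded proxy): an AssignMessage that puts the jwt-token header under Set rather than Remove, and a VerifyJWT that reads the token from that header through the Source element. The policy names and the choice of the jwt-token request header as the Source are assumptions; the algorithm, key variable, subject, issuer and output variable are the ones shown in the question.

```xml
<!-- Added example. Policy names are hypothetical. -->

<!-- Response side of /generate_jwt: copy the GenerateJWT output into a
     response header. The header sits under Set; under Remove it would
     only delete a header of that name from the message. -->
<AssignMessage async="false" continueOnError="false" enabled="true" name="AM-Set-JWT-Header">
    <DisplayName>AM-Set-JWT-Header</DisplayName>
    <Set>
        <Headers>
            <!-- jwt-variable is the OutputVariable of Generate-JWT-1 -->
            <Header name="jwt-token">{jwt-variable}</Header>
        </Headers>
    </Set>
    <!-- false: raise a fault if jwt-variable was never populated,
         instead of returning an empty header -->
    <IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
    <AssignTo createNew="false" transport="http" type="response"/>
</AssignMessage>

<!-- Request side of /verify_jwt: without Source, VerifyJWT looks for
     "Authorization: Bearer <token>". Here Source names the variable that
     holds the token instead.
     Assumption: the client sends the token itself as the value of the
     jwt-token request header.
     private.key must already be set in the flow (Assign-Message-1 in the
     question does this) before this policy runs. -->
<VerifyJWT async="false" continueOnError="false" enabled="true" name="Verify-JWT-1">
    <DisplayName>Verify JWT-1</DisplayName>
    <Algorithm>HS256</Algorithm>
    <Source>request.header.jwt-token</Source>
    <SecretKey>
        <Value ref="private.key"/>
    </SecretKey>
    <!-- Claims to enforce, matching what Generate-JWT-1 issues -->
    <Subject>subject-subject</Subject>
    <Issuer>urn://apigee-edge-JWT-policy-test</Issuer>
</VerifyJWT>
```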