JWT verification for the token from Auth0 authorization server

Hi,

I'm facing an issue when verifying the token passed in the authorization header. I hit another Apigee proxy endpoint in Apigee Edge and get back the access token from Auth0. I have another API endpoint in Apigee where I validate the token that is sent in the authorization header (Bearer <accesstoken>). All I need to verify is whether the token was issued by Auth0 or not. I have the attached policy to verify the JWT. However, I'm getting the error:

{ "fault": { "faultstring": "Invalid token: policy(JWT-Verify-Auth0)", "detail": { "errorcode": "steps.jwt.InvalidToken" } } }

In trace, I could see this

jwt.JWT-Verify-Auth0.error: The Token's Signature resulted invalid when verified using the Algorithm: SHA256withRSA

Could someone help in identifying the issue?


sidd-harth
Participant V

This error occurs when the JWT signature verification fails.

Are you adding the correct Public Key from Auth0 Application's Advanced Settings?

Also, see that the XML is well formatted in the JWT policy:

<PublicKey>
    <Value>
    -----BEGIN PUBLIC KEY-----
    MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw2kPrRzcufvUNHvTH/WW
    Q0UrCw5c0+Y707KX3PpXkZGbtTT4nvU1jC0d1lHV8MfUyRXmpmnNxJHAC2F73IyN
    C5TBtXMORc+us7A2cTtC4gZV256bT4h3sIEMsDl0Joz9K9MPzVPFxa1i0RgNt06n
    Xn/Bs2UbbLlKP5Q1HPxewUDEh0gVMqz9wdIGwH1pPxKvd3NltYGfPsUQovlof3l2
    ALvO7i5Yrm96kknfFEWf1EjmCCKvz2vjVbBb6mp1ZpYfc9MOTZVpQcXSbzb/BWUo
    ZmkDb/DRW5onclGzxQITBFP3S6JXd4LNESJcTp705ec1cQ9Wp2Kl+nKrKyv1E5Xx
    DQIDAQAB
    -----END PUBLIC KEY-----
    </Value>
</PublicKey>

Show your policy configuration.
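What the failing signature check in the reply above does, as an added example that is not part of the original thread and not Apigee's code: a minimal RS256 verifier in pure Python, run against the key that signed a token and against a key that did not. The key pairs are constructed from Mersenne primes for the demo only (insecure), and `issuer.example` and all function names are assumptions.

```python
import base64, hashlib, hmac, json

# DigestInfo prefix for SHA-256 in EMSA-PKCS1-v1_5 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def padded_digest(signing_input: bytes, k: int) -> bytes:
    """The k-byte block a valid RS256 signature must open to under the public key."""
    t = SHA256_PREFIX + hashlib.sha256(signing_input).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def verify_rs256(token: str, n: int, e: int) -> bool:
    """True only if the signature was produced by the private half of (n, e)."""
    k = (n.bit_length() + 7) // 8
    try:
        head, body, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head))
        sig = b64url_decode(sig_b64)
        signing_input = f"{head}.{body}".encode("ascii")
    except ValueError:
        return False  # not three segments, bad base64url or bad JSON
    if not isinstance(header, dict) or header.get("alg") != "RS256":
        return False  # never let the token choose another algorithm
    s = int.from_bytes(sig, "big")
    if len(sig) != k or s >= n:
        return False  # signature does not even fit this key
    recovered = pow(s, e, n).to_bytes(k, "big")
    return hmac.compare_digest(recovered, padded_digest(signing_input, k))

def sign_rs256(claims: dict, n: int, d: int) -> str:
    """Demo-only signer standing in for the authorization server."""
    head = b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    k = (n.bit_length() + 7) // 8
    m = int.from_bytes(padded_digest(f"{head}.{body}".encode(), k), "big")
    return f"{head}.{body}.{b64url(pow(m, d, n).to_bytes(k, 'big'))}"

def toy_key(a: int, b: int, e: int = 65537):
    """Constructed key from Mersenne primes 2^a-1, 2^b-1: insecure, demo only."""
    p, q = 2**a - 1, 2**b - 1
    return p * q, e, pow(e, -1, (p - 1) * (q - 1))

ISSUER_N, E, ISSUER_D = toy_key(521, 607)   # constructed key that signs the token
OTHER_N, _, _ = toy_key(607, 1279)          # constructed key that did not sign it
TOKEN = sign_rs256({"iss": "https://issuer.example/", "sub": "user-1"}, ISSUER_N, ISSUER_D)
```

`verify_rs256(TOKEN, ISSUER_N, E)` returns `True`, while the same token checked against `OTHER_N`, or with its claims altered after signing, returns `False`, which is the condition the policy reports as an invalid signature.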