JWT token Issue

I have added "Generate JWT-1" and added it in Assign Message,

so in the response I got a JWT.

So all of the above configuration is in one reverse proxy called

/genratejwttoken

Now I have created a new proxy called Varify Jwt

/varifyjwt Verify JWT-1 policy, but when I try to access it I get the below error.

"{"fault":{"faultstring":"NullPointerException","detail":{"errorcode":"Internal Server Error"}}}"


Can you please check the trace and show what error you see to help you further?

Error Headers

Content-Type

Error Content

Body

Properties

action ABORT
stepDefinition-async false
internal false
stepDefinition-type
type VerifyJWTStepExecution
enforcement request
stepDefinition-continueOnError false
stepDefinition-displayName Verify JWT-1
stepDefinition-name Verify-JWT-1
stepDefinition-enabled true
result false
error null
type ErrorPoint
state PROXY_REQ_FLOW
error.class java.lang.NullPointerException
Identifier fault

That's unfortunate.

There are some cases in which VerifyJWT fails to handle the inbound source JWT properly.

Can you show the configuration for the VerifyJWT policy?

What do you use for Source?

Do you have a JWT in that variable?

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<VerifyJWT async="false" continueOnError="false" enabled="true" name="Verify-JWT-1">
    <DisplayName>Verify JWT-1</DisplayName>
    <Algorithm>HS256</Algorithm>
    <Source>jwt-variable</Source>
    <SecretKey>
        <Value ref="private.key"/>
    </SecretKey>
    <Subject>subject-subject</Subject>
    <Issuer>urn://apigee-edge-JWT-policy-test</Issuer>
    <Audience>audience1,audience2</Audience>
    <AdditionalClaims>
        <Claim name="additional-claim-name" type="string">additional-claim-value-goes-here</Claim>
    </AdditionalClaims>
</VerifyJWT>

How are you sending the JWT token?

If you are passing the JWT in the Authorization header, you do not need to include the Source element in the policy.

No success after removing Source either; same issue.

Where is the JWT? How is the JWT being passed in, with the API request?

Did you verify that the Authorization header contains a string of the form "Bearer $JWT"?

I don't want to pass. I want to get json token missing response as error

but it's giving a different response, like below

"{"fault":{"faultstring":"NullPointerException","detail":{"errorcode":"Internal Server Error"}}}"

I think we are solving the problem that the VerifyJWT policy is throwing an error.

The purpose of the VerifyJWT policy is to Verify a JWT. In order to verify a JWT, you must have a JWT. The way the policy works: it retrieves the JWT from a context variable that you specify.


I don't understand your comment:

I don't want to pass. I want to get json token

You must have a JWT to verify if you want to verify it. It makes no sense to use VerifyJWT if you don't have a JWT. If you want to generate a token, use the GenerateJWT policy. If you don't want to verify a JWT, don't use the VerifyJWT policy.

For further details I direct you to the very helpful documentation on these policies.

Please check the video

https://docs.apigee.com/api-platform/reference/policies/verify-jwt-policy

in this document.

They are not passing a token, and at that time they are getting a different error, not

"{"fault":{"faultstring":"NullPointerException","detail":{"errorcode":"Internal Server Error"}}}"

I don't know what problem we are trying to solve right now.

What is the problem?

Please check the video

I'm not interested in looking at a video contained in the Apigee docs. Explain YOUR PROBLEM to me, in your words. Your explanations of the problem up until now are not sufficient. Try to use more words, and more sentences than you think are necessary. I am utterly unclear at this point, even after all the back and forth, as to your problem. So take it slow and give me all the details.

  • What are you trying? (give specific details)
  • What results are you expecting to see?
  • What results are you actually seeing?

Explanations like "I don't want to pass. I want to get token" and "please check video" are not helpful to me. That clarifies nothing. You will need to elaborate in much more detail if you'd like to get some help. Use nouns, verbs, subjects and predicates. Paragraphs. EXPLAIN. Address ALL THREE questions I posed above.

  • What are you trying? (give specific details)

I'm trying the JWT verification policy

without passing it

  • What results are you expecting to see?

errorcode: step.jwt.InvalidToken

  • What results are you actually seeing?

{"fault":{"faultstring":"NullPointerException","detail":{"errorcode":"Internal Server Error"}}}

There's an error in the VerifyJWT policy that results in this unexpected behavior. We've previously logged this error and have a fix which will be released as soon as we can release it. In the meantime you will have to work around this behavior.

I'm sorry for the inconvenience.

Ohh, OK, thank you for the response.
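
The behaviour the asker expected, a defined error rather than an unhandled exception when no token is sent, shown as an added Node.js example; it is not Apigee's code and was not posted by anyone in the thread. The function names, reason strings and secret are constructed for illustration; HS256 and the "Bearer $JWT" header form are taken from the thread.

```javascript
const nodeCrypto = require("crypto");

// JWT segments are unpadded base64url.
const b64url = (data) => Buffer.from(data).toString("base64url");
const hmac = (input, secret) =>
  nodeCrypto.createHmac("sha256", secret).update(input).digest();

// Constructed helper: signs a sample HS256 token so the example runs offline.
function signHS256(payload, secret) {
  const head = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64url(JSON.stringify(payload));
  return `${head}.${body}.${b64url(hmac(`${head}.${body}`, secret))}`;
}

// Verifies an Authorization header value. Every failure path returns a
// named reason; a missing header is handled before anything is dereferenced.
function verifyBearer(authorization, secret) {
  if (typeof authorization !== "string" || authorization.trim() === "") {
    return { ok: false, reason: "missing_token" };
  }
  const seg = "([A-Za-z0-9_-]+)";
  const m = new RegExp(`^Bearer ${seg}\\.${seg}\\.${seg}$`).exec(authorization.trim());
  if (!m) return { ok: false, reason: "malformed_token" };
  const [, head, body, sig] = m;

  let header, claims;
  try {
    header = JSON.parse(Buffer.from(head, "base64url").toString("utf8"));
    claims = JSON.parse(Buffer.from(body, "base64url").toString("utf8"));
  } catch (e) {
    return { ok: false, reason: "malformed_token" };
  }
  // Pin the algorithm to the one configured; never trust the token's own choice.
  if (!header || header.alg !== "HS256") {
    return { ok: false, reason: "unexpected_algorithm" };
  }
  const expected = hmac(`${head}.${body}`, secret);
  const given = Buffer.from(sig, "base64url");
  // timingSafeEqual requires equal lengths, so check that first.
  if (given.length !== expected.length || !nodeCrypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: "invalid_signature" };
  }
  return { ok: true, claims };
}
```
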