Verify API Key ref value generating blank value for a key passed in JWT Claim

I have create a policy which takes API Key in claim inside a JWT-Token. Token is first decoded. In Verify-Apikey policy, ref value is passed as jwt.Decode-JWT-Int.decoded.claim.apikey

This verify key is not working if ref is used.

In trace, I could find two variables

jwt.Decode-JWT-Int.decoded.claim.apikey -> blank value

jwt.Decode-JWT-Int.decoded.claim.apikey -> actual api key value passed in the claim

Now since, the first value is blank, API key verification fails.

API Key works perfectly fine if key is passed as value.

C# Code to generate JWT-Token -:

var securityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(key)); 

var credentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256);

var secToken = new JwtSecurityToken(  signingCredentials: credentials,  issuer: "SDF",  audience: "SDF9", 
            claims: new[]  {new Claim("appName", "abcd"),
                new Claim("apikey ", "*****************")
            }, 
            notBefore: DateTime.UtcNow,
            expires: DateTime.UtcNow.AddMinutes(5)); 
            var handler = new JwtSecurityTokenHandler(); 
            var tkn =  handler.WriteToken(secToken); 

What could be the issue?

Solved Solved
0 1 146
1 ACCEPTED SOLUTION

Got the error. While apikey generating claim, key was written as "apikey " [note the extra space in the end]. Because of this, error was there.

View solution in original post

1 REPLY 1

Got the error. While apikey generating claim, key was written as "apikey " [note the extra space in the end]. Because of this, error was there.