Hi Team,
I have gone through the JWT generation and verification tutorial. But as per this resource (https://jwt.io/introduction/), the JWT needs to be set in the Authorization header.
Is this the correct way to set the Authorization header after generating the JWT?
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<AssignMessage async="false" continueOnError="false" enabled="true" name="Assign-Jwt-Token">
    <DisplayName>Assign Jwt Token</DisplayName>
    <Properties/>
    <Set>
        <Headers>
            <Header name="Authorization">{jwt-variable}</Header>
        </Headers>
    </Set>
    <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
    <AssignTo createNew="false" transport="http" type="request"/>
</AssignMessage>
Is this the correct way to retrieve and verify the JWT from the Authorization header?
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<VerifyJWT async="false" continueOnError="false" enabled="true" name="Verify-JWT-1">
    <DisplayName>Verify JWT-1</DisplayName>
    <Algorithm>HS256</Algorithm>
    <Source>request.header.Authorization</Source>
    <SecretKey>
        <Value ref="private.key"/>
    </SecretKey>
    <Subject>subject-subject</Subject>
    <Issuer>urn://apigee-edge-JWT-policy-test</Issuer>
    <Audience>audience1,audience2</Audience>
    <AdditionalClaims>
        <Claim name="additional-claim-name" type="string">additional-claim-value-goes-here</Claim>
    </AdditionalClaims>
</VerifyJWT>
Thanks,
Arun
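
Added example, not part of the original post and not Apigee code: a standard-library Python sketch of the round trip asked about above, using the `Authorization: Bearer <token>` form shown on the jwt.io introduction page and then checking the HS256 signature and the iss/sub/aud claims. The function names, the key and the sample claims are constructed for illustration, and the audience check (one expected value must appear in `aud`) is an assumption of this sketch.

```python
import base64, hashlib, hmac, json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(claims: dict, key: bytes) -> str:
    """Build a compact HS256 JWT (what a generate step would produce)."""
    parts = [b64url(json.dumps(p, separators=(",", ":")).encode())
             for p in ({"alg": "HS256", "typ": "JWT"}, claims)]
    signing_input = ".".join(parts)
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url(sig)}"

def authorization_header(token: str) -> str:
    # Bearer scheme, as shown on the jwt.io introduction page.
    return f"Bearer {token}"

def verify_from_header(value, key, issuer, subject, audience) -> dict:
    """Extract the JWT from an Authorization header value and verify it."""
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "bearer" or not token:
        raise ValueError("expected 'Bearer <jwt>'")
    head_b64, body_b64, sig_b64 = token.split(".")  # ValueError if not 3 parts
    header = json.loads(b64url_decode(head_b64))
    # Pin the algorithm on the verifier side; never let the token choose it.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{head_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    # Constant-time comparison of the recomputed MAC with the presented one.
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(body_b64))  # trusted only after the MAC check
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if (claims.get("iss"), claims.get("sub")) != (issuer, subject) or audience not in audiences:
        raise ValueError("claim mismatch")
    return claims

# Constructed sample values mirroring the claim names in the policy above.
SAMPLE_KEY = b"constructed-demo-key-not-a-real-secret"
SAMPLE_CLAIMS = {"iss": "urn://apigee-edge-JWT-policy-test",
                 "sub": "subject-subject",
                 "aud": ["audience1", "audience2"]}
```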