
How to verify Nested JWT token

Hi,

We are using Apigee Hybrid and have to implement JWT token verification in Apigee. Please suggest the correct approach to achieve this.

The JWT token is a nested token, and the inner token is an encrypted one. I have received the public certificate in PEM format and the private certificate in .p12 format.

Here is what I am doing for a sample implementation.

1. Created an AssignMessage policy and hard-coded the public key, which is in PEM format, to a variable called private.key.

2. Created a VerifyJWT policy:

      Specified algorithm - ES512

      Specified PublicKey - referencing private.key

This policy is verifying the token and populating the related flow variables.

The inner token is part of the payload (jwe:innertoken) of the outer token.

This token is encrypted. Could anyone please give insight into how to decrypt this token using the private key, which is in .p12 format?

Best Regards,

Patty

2 ACCEPTED SOLUTIONS


A little more help: looking at your earlier post, it looks like you may be using an incorrect PEM format for the private key.
Please do the below.
1. Remove the Bag Attributes from the key and use the below format in the KVM (or maybe, for simplicity, use an AssignMessage policy with a variable, private.pvtkey, prior to the VerifyJWT policy).

-----BEGIN PRIVATE KEY-----
<<encoded string>>
-----END PRIVATE KEY-----

Good read -> https://docs.apigee.com/how-to-guides/converting-certificates-to-supported-format
2. Now use the below policy, as stated earlier by dino, referencing the private key variable private.pvtkey:

<VerifyJWT name='VJWT-1'>
  <Algorithms>
    <Key>ECDH-ES+A256KW</Key>
  </Algorithms>
  <PrivateKey>
    <Value ref="private.pvtkey"/>
  </PrivateKey>
  <Source>variable-containing-encrypted-jwt</Source>
  ...
</VerifyJWT>

Hope this helps.


Yes! Your private key should be of this form:

-----BEGIN PRIVATE KEY-----
<<base64-encoded string>>
-----END PRIVATE KEY-----

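Both accepted answers come down to handing the policy a bare `-----BEGIN PRIVATE KEY-----` block with no Bag Attributes around it. As an added example (not code from the original posts or from Apigee), this Python helper pulls that block out of a `.p12` text export and refuses key forms that are not the unencrypted PKCS#8 form shown above. The function name and the sample export are constructed for illustration, and the sample body is placeholder bytes, not a real key.

```python
import base64
import re

# Matches one PEM block and captures its label and base64 body.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL
)


def extract_pkcs8_key(pem_text: str) -> str:
    """Return only the unencrypted PKCS#8 block, dropping Bag Attributes,
    certificates and any other text that surrounds it."""
    blocks = PEM_BLOCK.findall(pem_text)
    for label, body in blocks:
        if label != "PRIVATE KEY":
            continue
        compact = "".join(body.split())
        der = base64.b64decode(compact, validate=True)  # raises on non-base64
        if not der or der[0] != 0x30:  # DER must open with a SEQUENCE tag
            raise ValueError("PRIVATE KEY body is not DER")
        lines = [compact[i:i + 64] for i in range(0, len(compact), 64)]
        return "\n".join(
            ["-----BEGIN PRIVATE KEY-----", *lines, "-----END PRIVATE KEY-----"]
        ) + "\n"
    labels = [label for label, _ in blocks]
    if "ENCRYPTED PRIVATE KEY" in labels:
        raise ValueError("key is still passphrase-encrypted; export it unencrypted")
    raise ValueError(
        "no unencrypted PKCS#8 'PRIVATE KEY' block found (saw: %s)"
        % (labels or "no PEM blocks")
    )


# Constructed sample: placeholder bytes, not a real key.
SAMPLE_BODY = base64.encodebytes(b"\x30\x81\x40" + bytes(range(64))).decode()
SAMPLE_EXPORT = (
    "Bag Attributes\n"
    "    friendlyName: constructed-example\n"
    "    localKeyID: 01 02 03 04\n"
    "Key Attributes: <No Attributes>\n"
    "-----BEGIN PRIVATE KEY-----\n" + SAMPLE_BODY + "-----END PRIVATE KEY-----\n"
    "Bag Attributes\n"
    "    friendlyName: constructed-example\n"
    "-----BEGIN CERTIFICATE-----\nMAA=\n-----END CERTIFICATE-----\n"
)

if __name__ == "__main__":
    print(extract_pkcs8_key(SAMPLE_EXPORT), end="")
```

The returned string is what would go into the private.pvtkey variable or the KVM entry; keep it out of source control and proxy bundles.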
