In Apigee Verify JWT with multiple Algorithms

I have currently set up different algorithms for my Auth Code Flow token and my Client Credentials token. The setup I did to verify this in Apigee is:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<VerifyJWT async="false" continueOnError="false" enabled="true" name="Verify_JWT">
    <DisplayName>Verify_JWT</DisplayName>
    <FaultRules/>
    <Properties/>
    <Algorithm>RS512,PS256</Algorithm>
    <IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
    <Issuer>https://auth.example.com</Issuer>
    <PublicKey>
        <JWKS uri="https://auth.example.com/pf/JWKS"/>
    </PublicKey>
    <Source>inbound.jwt</Source>
</VerifyJWT>
It is sometimes working well for a client credential flow (using RS512), but sometimes it fails with "invalid token". According to my understanding of the documentation, a token should be validated against both these algorithms. Is that an incorrect assumption? What is the best way to make it validate against both?

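As an added illustration (not code from the original post, and not Apigee's own VerifyJWT implementation), here is a small Python model of the checks a verifier configured with an algorithm list such as RS512,PS256 performs before it ever looks at the signature: the alg in the token header is untrusted input and must be on the allowlist, the key picked out of the JWKS by kid must be of a type and declared alg consistent with that header alg, and the issuer and expiry claims must match. The JWKS document, key ids and tokens below are constructed for the example; the signature check itself, which needs real RSA key material, is deliberately left out.

```python
import base64
import json
import time

# Mirrors the <Algorithm> and <Issuer> elements of the policy in the question.
ALLOWED_ALGS = ("RS512", "PS256")
EXPECTED_ISSUER = "https://auth.example.com"

# Constructed JWKS standing in for what the JWKS uri would return. The modulus is a
# placeholder because this example stops before signature verification.
JWKS = {
    "keys": [
        {"kty": "RSA", "kid": "authcode-key", "use": "sig", "alg": "RS512",
         "n": "PLACEHOLDER", "e": "AQAB"},
        {"kty": "RSA", "kid": "clientcred-key", "use": "sig", "alg": "PS256",
         "n": "PLACEHOLDER", "e": "AQAB"},
    ]
}


def b64url_decode(segment):
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def split_jwt(token):
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("token must have exactly three segments")
    header = json.loads(b64url_decode(parts[0]))
    payload = json.loads(b64url_decode(parts[1]))
    return header, payload, parts[2]


def find_key(jwks, kid):
    for key in jwks["keys"]:
        if key.get("kid") == kid:
            return key
    return None


def preverify(token, allowed_algs=ALLOWED_ALGS, jwks=JWKS,
              issuer=EXPECTED_ISSUER, now=None):
    """Return (True, key) when the token passes the alg/key/issuer/exp checks that
    precede signature verification, otherwise (False, reason)."""
    try:
        header, payload, _signature = split_jwt(token)
    except ValueError as exc:  # covers bad base64 and bad JSON too
        return False, f"malformed token: {exc}"
    alg = header.get("alg")
    # The header alg comes from the token, so it is only accepted from the allowlist;
    # this also rejects "none" and any HMAC algorithm.
    if alg not in allowed_algs:
        return False, f"alg {alg!r} not in allowed list {list(allowed_algs)}"
    key = find_key(jwks, header.get("kid"))
    if key is None:
        return False, f"no JWKS key with kid {header.get('kid')!r}"
    # RS* and PS* both require an RSA key, and a key that declares its own alg
    # must agree with the header, otherwise a key is being used for the wrong scheme.
    if key.get("kty") != "RSA":
        return False, f"key {key['kid']} is {key.get('kty')}, not RSA"
    if "alg" in key and key["alg"] != alg:
        return False, f"key {key['kid']} is for {key['alg']}, token says {alg}"
    if payload.get("iss") != issuer:
        return False, f"issuer {payload.get('iss')!r} != {issuer!r}"
    now = time.time() if now is None else now
    if "exp" in payload and payload["exp"] <= now:
        return False, "token expired"
    # At this point a real verifier would check the signature with `key` and `alg`.
    return True, key


def make_unsigned_token(header, payload):
    """Build a token with a placeholder signature segment (constructed test input)."""
    return ".".join([
        b64url_encode(json.dumps(header).encode()),
        b64url_encode(json.dumps(payload).encode()),
        b64url_encode(b"signature-placeholder"),
    ])


if __name__ == "__main__":
    now = 1_700_000_000
    for hdr in ({"alg": "RS512", "kid": "authcode-key"},
                {"alg": "PS256", "kid": "authcode-key"},
                {"alg": "none", "kid": "authcode-key"}):
        tok = make_unsigned_token(hdr, {"iss": EXPECTED_ISSUER, "exp": now + 60})
        print(hdr, "->", preverify(tok, now=now))
```

The second case in the usage block is the one worth noticing: the alg is on the allowlist, but the key the kid points to declares a different algorithm, so the token is rejected before any signature math happens. When a verifier accepts several algorithms, each token is checked with the single algorithm its header names against the single key its kid names; the list only bounds which header values are acceptable.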