Hi @Dino
I am trying to verify the JWT token that is generated by azure AD
I am having certificate content and claims details like sub,aud,iss for veriffying the token.
below is my configuration in apigee
assigning certificate content to a variable in js file
var publicCert = "certificate content"; context.setVariable("cert", "-----BEGIN CERTIFICATE-----"+ publicCert +"-----END CERTIFICATE-----");
Verify JWT configuration:
<VerifyJWT async="false" continueOnError="false" enabled="true" name="Verify-JWT-1"> <DisplayName>Verify JWT-1</DisplayName> <Algorithm>RS256</Algorithm> <PublicKey> <Value ref="cert"/> </PublicKey> <Subject>xyz</Subject> <Issuer>https://abcd/</Issuer> <Audience>https://efg/</Audience> </VerifyJWT>
Source is not given in verify JWT policy because by default source is taken in authorization header.
I am getting below errors in apigee.Please help me understand where is it getting wrong. also i am able to see that all the claims that got decoded in flow variables..but this signature verification error is coming
|
|
Body | {"fault":{"faultstring":"Invalid token: policy(Verify-JWT-1)","detail":{"errorcode":"steps.jwt.InvalidToken"}}} |
---|
error.class | com.apigee.steps.jwt.verify.SignatureVerificationException |
---|
Thanks in advance
@Siddharth Barahalikar ,
Solved! Go to Solution.
your single question helped me to find the solution i.e i tried to verify in jwt.io there the certificate content is available on signature and then i got to know that the certificate content given by other team is wrong.
now i took it from jwt.io and then it is working fine.
Thanks a lot.