Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.

SignatureVerificationException during JWT verify in apigee

Hi @Dino

I am trying to verify the JWT token that is generated by azure AD

I am having certificate content and claims details like sub,aud,iss for veriffying the token.

below is my configuration in apigee

assigning certificate content to a variable in js file

var publicCert = "certificate content"; context.setVariable("cert", "-----BEGIN CERTIFICATE-----"+ publicCert +"-----END CERTIFICATE-----");

Verify JWT configuration:

  <VerifyJWT async="false"
             continueOnError="false" enabled="true" name="Verify-JWT-1"> 
    <DisplayName>Verify JWT-1</DisplayName> 
    <Algorithm>RS256</Algorithm> 
    <PublicKey> 
      <Value ref="cert"/>
    </PublicKey> 
    <Subject>xyz</Subject> 
    <Issuer>https://abcd/</Issuer>
    <Audience>https://efg/</Audience> 
  </VerifyJWT>

Source is not given in verify JWT policy because by default source is taken in authorization header.

I am getting below errors in apigee.Please help me understand where is it getting wrong. also i am able to see that all the claims that got decoded in flow variables..but this signature verification error is coming

  • Error Content
Body
{"fault":{"faultstring":"Invalid token: policy(Verify-JWT-1)","detail":{"errorcode":"steps.jwt.InvalidToken"}}}
error.class com.apigee.steps.jwt.verify.SignatureVerificationException

Thanks in advance

@Siddharth Barahalikar ,

Solved Solved
0 5 869
1 ACCEPTED SOLUTION

your single question helped me to find the solution i.e i tried to verify in jwt.io there the certificate content is available on signature and then i got to know that the certificate content given by other team is wrong.

now i took it from jwt.io and then it is working fine.

Thanks a lot.

View solution in original post

5 REPLIES 5
Top Solution Authors