
Verify JWT Token using RS256 algorithm

I have configured Verify JWT token in Apigee proxy. While testing it in Postman, I am getting "Invalid claim :claim(iss)". I didn't add any claims under 'additional claims' in JWT Token policy.

How should I fix this?

2 ACCEPTED SOLUTIONS

In general when asking for help, providing a description of the error you are seeing is not enough information. You also need to provide the configuration of the policy or proxy that you are using. And also perhaps the data or request that you are using, in this case that would be the actual JWT, if you're comfortable sharing it.

Even without the other information, I can infer some things from the information you gave.

"invalid claim: claim(iss)" indicates that the VerifyJWT policy you are using is configured to verify the issuer of the JWT you have provided, and the policy is finding that the issuer in the JWT does not match what your policy configuration requires.

When a VerifyJWT policy executes, it first validates the algorithm and signature on the JWT, using the information you provide in the policy configuration. If that succeeds, then the VerifyJWT policy checks the validity times (exp and nbf claims). If that succeeds, then VerifyJWT will verify other claims you specify.

If you use the Issuer element in the VerifyJWT configuration, then the VerifyJWT policy will look for the specified issuer ("iss" claim) in the JWT it is verifying. If there is no issuer, or if the provided JWT includes an "iss" claim that does not match, VerifyJWT will give you the error you reported.

<VerifyJWT name='VJWT-1'>
  <Algorithm>RS256</Algorithm>
  <Source>inbound.jwt</Source>
  <PublicKey>
    <!-- Value is an empty element that reads the PEM from a flow variable -->
    <Value ref='public_key_pem'/>
  </PublicKey>
  <!-- 
    The following tells VerifyJWT to look for urn://DinoChiesa as 
    the "iss" claim in the incoming JWT. If the incoming JWT does 
    not include this string as the "iss" claim, the VerifyJWT policy
    will throw a fault with "invalid claim: claim(iss)", even if the
    signature is valid.
  -->
  <Issuer>urn://DinoChiesa</Issuer>
</VerifyJWT>
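
An offline way to see which check a token would trip, in the order described above; this is an added example, not code from the original post or from Apigee. The function names, the sample policy and the sample tokens are constructed for illustration, the expiry comparison is an assumption, and the signature is deliberately not verified.

```python
import base64
import json
import time
import xml.etree.ElementTree as ET

# Constructed sample policy, modelled on the VerifyJWT configuration above.
POLICY_XML = """<VerifyJWT name='VJWT-1'>
  <Algorithm>RS256</Algorithm>
  <Source>inbound.jwt</Source>
  <Issuer>urn://DinoChiesa</Issuer>
</VerifyJWT>"""


def b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def make_unsigned_sample(claims, alg="RS256"):
    """Build a constructed test token; the signature part is a dummy."""
    def enc(obj):
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": alg, "typ": "JWT"}), enc(claims), "c2ln"])


def predict_claim_checks(policy_xml, token, now=None):
    """Return header/claim mismatches in the order the answer describes.

    The signature is NOT verified; only the header and payload are inspected.
    """
    now = time.time() if now is None else now
    policy = ET.fromstring(policy_xml)
    header, claims = (b64url_json(p) for p in token.split(".")[:2])
    problems = []
    if header.get("alg") != policy.findtext("Algorithm"):
        problems.append("alg: token has %r" % header.get("alg"))
    if "exp" in claims and claims["exp"] <= now:
        problems.append("exp: token is expired")
    if "nbf" in claims and claims["nbf"] > now:
        problems.append("nbf: token is not yet valid")
    want = policy.findtext("Issuer")
    if want is not None and claims.get("iss") != want:
        problems.append("iss: token has %r, policy requires %r"
                        % (claims.get("iss"), want))
    return problems
```

The issuer comparison is an exact string match, so a difference in case or a trailing slash shows up in the `iss:` line of the result.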


The error you are seeing is because of an invalid issuer. Please check that the string in the token and the VerifyJWT policy are the same.
