
[VerifyJWT] Invalid JWS header: Invalid JSON: Unexpected token..

Hi guys,

I have an issue as I wrote in the title regarding the VerifyJWT policy.

I'm trying to validate the external JWT provided by Keycloak, but I'm receiving this error message:

Invalid JWS header: Invalid JSON: Unexpected token �z��&�r#�%%3#Sb"�'G�"�$�uB"�&��B"�%�C�wu7����ƦDD$��5CEw��tW��Ĥ�FuV6EFr' at position 84.


I'm using the following policy (extracted):

<VerifyJWT name="Keycloak-Verify-JWT">
  <DisplayName>Keycloak-Verify-JWT</DisplayName>
  <Algorithm>RS256</Algorithm>
  <!-- the whole Authorization header value is handed to the policy -->
  <Source>request.header.authorization</Source>
  <PublicKey>
    <Value ref="public.jwt"/>
  </PublicKey>
  <IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
</VerifyJWT>


public.jwt = the public key provided by Keycloak v10.0.0

I also tried the validation step in jwt.io and it's ok.

EDIT1: The DecodeJWT policy also fails for the same reason. I've checked the token format and it seems correct:

header.payload.signature

ACCEPTED SOLUTION

Hey, I found the solution and I want to share it here in case someone has the same problem.

The issue I experienced was triggered by the presence of the word "Bearer" inside the Authorization header.

I added an ExtractVariables policy with this piece of code:

<ExtractVariables name="Extract-Variables-1">
  <DisplayName>Extract Variables-1</DisplayName>
  <Properties/>
  <Header name="Authorization">
    <!-- strips the "Bearer " scheme and stores only the token in private.jwt -->
    <Pattern ignoreCase="false">Bearer {private.jwt}</Pattern>
  </Header>
  <Source clearPayload="false">request</Source>
</ExtractVariables>

With that policy you can extract the JWT from the header and pass it to the next step (validation or decode).

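As an added illustration (not code from the thread or from Apigee), the Python below reproduces the failure: base64url-decoding the first dot-separated segment of the raw Authorization value, "Bearer " included, yields bytes that are not JSON, while stripping the scheme first (what the ExtractVariables pattern above does) gives a parseable JWS header. The sample token, key id and issuer are constructed and the signature is a placeholder, so this only exercises header parsing, not signature verification.

```python
import base64
import json
import re


def _b64url(data: bytes) -> str:
    """Base64url without padding, as used for JWS segments."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


# Constructed sample token: real JSON header/payload, placeholder signature.
SAMPLE_HEADER = {"alg": "RS256", "typ": "JWT", "kid": "constructed-key-id"}
SAMPLE_PAYLOAD = {"iss": "https://keycloak.example/realms/demo", "sub": "user-1"}
SAMPLE_JWT = ".".join([
    _b64url(json.dumps(SAMPLE_HEADER, separators=(",", ":")).encode()),
    _b64url(json.dumps(SAMPLE_PAYLOAD, separators=(",", ":")).encode()),
    _b64url(b"placeholder-signature"),
])
SAMPLE_AUTHORIZATION = "Bearer " + SAMPLE_JWT

# Case-sensitive scheme match, mirroring the ignoreCase="false" pattern in the thread.
_BEARER_RE = re.compile(r"^Bearer\s+(\S+)$")


def extract_bearer_token(authorization: str) -> str:
    """Return the token after the 'Bearer' scheme (RFC 6750), or raise if absent."""
    match = _BEARER_RE.match(authorization.strip())
    if match is None:
        raise ValueError("Authorization header is not a Bearer credential")
    return match.group(1)


def decode_jws_header(token: str) -> dict:
    """Decode the first JWS segment and parse it as JSON, as VerifyJWT/DecodeJWT do."""
    segments = token.split(".")
    if len(segments) != 3:
        raise ValueError(f"expected header.payload.signature, got {len(segments)} segments")
    first = segments[0]
    raw = base64.urlsafe_b64decode(first + "=" * (-len(first) % 4))
    return json.loads(raw)  # non-JSON bytes raise here, like the policy's 'Invalid JSON'


def header_decodes_cleanly(authorization: str, strip_scheme: bool) -> bool:
    """True if the JWS header parses; False reproduces the failure from the question."""
    candidate = extract_bearer_token(authorization) if strip_scheme else authorization
    try:
        return decode_jws_header(candidate).get("alg") == "RS256"
    except ValueError:  # covers binascii.Error, UnicodeDecodeError and JSONDecodeError
        return False
```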
