
Error verifying JWT

Hello @dchiesa1 @kurtkanaskie,

We're getting the below error for the VerifyJWT policy:

jwt.VJWT-Sample.error: Payload of JWE object is not a valid JSON object

error.class: com.apigee.steps.jwt.verify.VerificationException

This is how we configure the policy for decrypting the inbound token:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<VerifyJWT continueOnError="false" enabled="true" name="VJWT-Sample">
    <DisplayName>VJWT-Sample</DisplayName>
    <IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
    <Algorithms>
        <Key>ECDH-ES+A256KW</Key>
        <Content>A256GCM</Content>
    </Algorithms>
    <Source>resource_response</Source>
    <PrivateKey>
        <Value ref="private.ec_privatekey"/>
    </PrivateKey>
    <TimeAllowance>86400s</TimeAllowance>
</VerifyJWT>

The AssignMessage that we use for VerifyJWT:


<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<AssignMessage continueOnError="false" enabled="true" name="AM-ResourceDecryptionUsingPrivateKey">
    <DisplayName>AM-ResourceDecryptionUsingPrivateKey</DisplayName>
    <AssignVariable>
        <Name>private.ec_privatekey</Name>
        <Value>-----BEGIN PRIVATE KEY-----
MIGHAgEAMBNMBBbhjvjhg5675BHJGJHVJB7856GHJGHGBJKLJKLJLKJ87895/YZ9G
jhghjkgHJGHJGJHVBHJB79678VHJG678B8668b68B67B667GV67GG6BYJLBLLVLHV
9ySLIuvcYqd3qNzW9jB8MXchP4mgD9wtIvkUop76JOAdbSNVY8EBkeUd
-----END PRIVATE KEY-----</Value>
    </AssignVariable>
    <AssignVariable>
        <Name>resource_response</Name>
        <!-- this is retrieved after the token call -->
        <Value>eyJlbmMiOiJBMjU2R0NNIiwiYWxnIjoiRUNESC1FUytBMjU2S1ciLCJraWQiOiI4Smk5UHRTWS1wM1h0SHFfOWJBOWhUX1dt0eSI6IkVDIiwiY3J2IjoiUC0yNTYiLCJ4IjoiX1B5RGtzdHN4RTZadlhhUVpiT04wMm.....uzONYHrZEx8pTLMw</Value>
    </AssignVariable>
</AssignMessage>

Note: the values provided are not the actual values that we use.


{
    "fault": {
        "faultstring": "Invalid token: policy(VJWT-Sample)",
        "detail": {
            "errorcode": "steps.jwt.InvalidToken"
        }
    }
}

We also checked the token along with the private key using this tool: Online JWT tool, which worked; we got the decoded payload and saw the actual JSON. So I'm not sure what is wrong with the VJWT policy.

If there's something that I'm missing, please let me know. Thank you.

Also, I've looked at these pages as well:
Does APIGEE supports JWE and Encryption? - Google Cloud Community
How to decode the encrypted JWE token using the EC... - Google Cloud Community
Solved: JWT verification failing in Apigee for azure b2C t... - Google Cloud Community
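
An offline way to compare a compact JWE's protected header and segment sizes with the `<Algorithms>` values in the VerifyJWT policy above, without decrypting the token. This is an added example, not part of the original post and not Apigee code; `inspect_jwe` and the sample token are hypothetical and constructed for illustration.

```python
import base64
import json

def b64url_decode(seg: str) -> bytes:
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def inspect_jwe(token, expect_alg="ECDH-ES+A256KW", expect_enc="A256GCM"):
    """Return (header, findings) for a compact JWE without decrypting it."""
    parts = token.strip().split(".")
    if len(parts) != 5:
        return None, [f"{len(parts)} segments; a compact JWE has exactly 5"]
    try:
        header = json.loads(b64url_decode(parts[0]))
        key, iv, tag = (b64url_decode(parts[i]) for i in (1, 2, 4))
    except ValueError as exc:
        return None, [f"segment is not valid base64url/JSON: {exc}"]
    if not isinstance(header, dict):
        return None, ["protected header is not a JSON object"]
    alg, enc = header.get("alg"), header.get("enc")
    findings = []
    if alg != expect_alg:
        findings.append(f"alg is {alg!r}, policy expects {expect_alg!r}")
    if enc != expect_enc:
        findings.append(f"enc is {enc!r}, policy expects {expect_enc!r}")
    if str(alg).startswith("ECDH-ES") and "epk" not in header:
        findings.append("ECDH-ES requires an 'epk' header (RFC 7518 section 4.6.1)")
    if alg == "ECDH-ES+A256KW" and len(key) != 40:
        findings.append(f"wrapped key is {len(key)} bytes; A256KW of a 256-bit CEK is 40")
    if enc == "A256GCM" and (len(iv), len(tag)) != (12, 16):
        findings.append(f"IV/tag are {len(iv)}/{len(tag)} bytes; A256GCM uses 12/16")
    if str(header.get("cty", "")).upper() == "JWT":
        findings.append("cty=JWT: decrypted payload is a nested JWT string, not a JSON claims object")
    if "zip" in header:
        findings.append(f"zip={header['zip']!r}: plaintext was compressed before encryption")
    return header, findings

# Constructed sample: placeholder bytes only, not a decryptable token.
SAMPLE_HEADER = {"alg": "ECDH-ES+A256KW", "enc": "A256GCM", "cty": "JWT",
                 "epk": {"kty": "EC", "crv": "P-256", "x": "AA", "y": "AA"}}
SAMPLE_TOKEN = ".".join(b64url_encode(p) for p in (
    json.dumps(SAMPLE_HEADER).encode(), bytes(40), bytes(12), b"ciphertext", bytes(16)))

if __name__ == "__main__":
    for finding in inspect_jwe(SAMPLE_TOKEN)[1]:
        print(finding)
```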
