Solved: generateJWT policy: How to create JWS with typ=JOS... - Page 2

nimishamahale · 10-09-2018 06:03 AM

Hello,

I am trying to add the below additional header claim in the generateJWT policy:

<AdditionalHeaders>
  <Claim name="typ">JOSE</Claim>
</AdditionalHeaders>

But I am getting error during the deployment saying-

Invalid name for additional header: policy(policyname) header(typ)

I need to update the typ attribute in the header to JOSE.

How can I achieve the same?

dchiesa1

You cannot.

Using the GenerateJWT policy, today, you cannot generate a JWT that includes a header, which itself includes a claim named "typ" with a value that is "JOSE". In fact, when you use GenerateJWT, the "typ" claim is always included in the header, and the value is always "JWT".

Can you explain why you need the typ claim to be different from JWT? The output is, actually, a JWT, so that seems like the right value. The JWT specification says:

   The "typ" (type) Header Parameter defined by [JWS] and [JWE] is used
   by JWT applications to declare the media type [IANA.MediaTypes] of
   this complete JWT.  ...  If present, it is RECOMMENDED that
   its value be "JWT" to indicate that this object is a JWT.

BTW, if what you want is a JWS, Apigee has the GenerateJWS policy that allows you to generate a JWS with a typ=JOSE header. You can specify anything you like for typ= and cty= in the header, etc.

<GenerateJWS name='gjws-001'>
  <Algorithm>RS256</Algorithm>
  <IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
  <PrivateKey>
    <Value ref="private.key"/>
    <Id ref='private_key_id'/>
  </PrivateKey>
  <Payload ref='variable_holding_payload'/>
  <AdditionalHeaders>
    <Claim name='typ' ref='variable_holding_typ'/>
    <Claim name='cty' ref='variable_holding_cty'/>
  </AdditionalHeaders>
  <OutputVariable>variable-name-here</OutputVariable>
</GenerateJWS>

View solution in original post

generateJWT policy: How to create JWS with typ=JOSE