0
votes

I understand that we can do JWT validation easily by using symmetric keys (HS256), and OpenID for RS256.

In my case I want to validate the JWT using an existing private key that I already have. The payload will be encoded by the public key, and on the API Management side I want to validate that token with my own predefined private key. Is there a way to do that?

2
Yes, it mentions RS256 in OpenID; what I need is just to decrypt the token with the RS256 private key in Azure APIM policies. - Ocky Saktya

2 Answers

0
votes

It should be possible to decrypt it manually if needed. But perhaps using the output-token-variable-name attribute of the validate-jwt policy will be a simpler way out.

0
votes

Well, I can't decrypt the payload, but we managed to make it pass in validate-jwt: set the OpenID URL to a mock openid-configuration file, convert our *.pem key into a jwt key, and then point the jwtk-url in the mock openid-configuration to that jwtkey JSON.
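
The steps described in this answer, as an added example that is not part of the original post: it converts an RSA public key PEM into a JWK and builds the two static JSON documents to host, using the standard OIDC discovery field `jwks_uri` and the `{"keys": [...]}` JWKS layout. The function names, `kid`, issuer and URLs are hypothetical placeholders, the sample key is constructed, and it is an assumption that `issuer` and `jwks_uri` are the only discovery fields the validator needs.

```python
import base64, json

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                          # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def b64url_uint(raw):
    """Base64url without padding, DER leading zero byte removed (RFC 7518)."""
    return base64.urlsafe_b64encode(raw.lstrip(b"\x00")).rstrip(b"=").decode()

def pem_public_key_to_jwk(pem, kid):
    """Convert an RSA SubjectPublicKeyInfo PEM into a public RS256 JWK."""
    lines = pem.strip().splitlines()
    if lines[0] != "-----BEGIN PUBLIC KEY-----":
        # Refuse private keys: a JWKS is readable by anyone who can reach its URL.
        raise ValueError("expected a PUBLIC KEY PEM, got: " + lines[0])
    der = base64.b64decode("".join(lines[1:-1]))
    _, spki, _ = read_tlv(der, 0)              # SubjectPublicKeyInfo
    _, _, pos = read_tlv(spki, 0)              # AlgorithmIdentifier, skipped
    _, bits, _ = read_tlv(spki, pos)           # BIT STRING wrapping the key
    _, rsa, _ = read_tlv(bits[1:], 0)          # RSAPublicKey, after unused-bits byte
    _, n, pos = read_tlv(rsa, 0)               # modulus
    _, e, _ = read_tlv(rsa, pos)               # public exponent
    return {"kty": "RSA", "use": "sig", "alg": "RS256", "kid": kid,
            "n": b64url_uint(n), "e": b64url_uint(e)}

def mock_discovery(issuer, jwks_uri, jwk):
    """Return (openid-configuration, JWKS) documents to host as static JSON."""
    return {"issuer": issuer, "jwks_uri": jwks_uri}, {"keys": [jwk]}

# Constructed sample: SPKI with a toy 32-bit modulus, far too small for real use.
SAMPLE_DER = bytes.fromhex("3020300d06092a864886f70d0101010500"
                           "030f00300c020500c1a2b3d40203010001")
SAMPLE_PEM = ("-----BEGIN PUBLIC KEY-----\n"
              + base64.b64encode(SAMPLE_DER).decode()
              + "\n-----END PUBLIC KEY-----\n")

if __name__ == "__main__":
    jwk = pem_public_key_to_jwk(SAMPLE_PEM, kid="example-key-1")
    config, jwks = mock_discovery("https://issuer.example",
                                  "https://files.example/jwks.json", jwk)
    print(json.dumps(config, indent=2))
    print(json.dumps(jwks, indent=2))
```

Only the public parameters `n` and `e` end up in the hosted JWKS; the private key stays with the token issuer, and validation in the gateway is a signature check rather than a decryption.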