0
votes

In Azure APIM, I am trying to create a policy that will validate a JWT. No matter what I try, I always get a "401: Invalid JWT" error. Does anyone know what I'm doing wrong? (Maybe I'm not using the right signing key?)

My base64 encoded security key is Zm9v.

I created a sample token at jwt.io, so my Authorization header is:

Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.Bm8tu4m18oA96xwhBL8AV_4hRpIU6OrK5UaOmGqBEsk

Here's the policy I am using:

<policies>
    <inbound>
        <base />
        <validate-jwt
            header-name="Authorization"
            require-expiration-time="false"
            require-scheme="Bearer"
        >
            <issuer-signing-keys>
                <key>Zm9v</key>
            </issuer-signing-keys>
        </validate-jwt>
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>

HTTP Response:

cache-control: private
content-length: 48
content-type: application/json
ocp-apim-trace-location: https://xxxxxxx
vary: Origin
{
    "statusCode": 401,
    "message": "Invalid JWT."
}
2
What's the detailed error message? - Joey Cai
I added the HTTP response to the question. - user3075978

2 Answers

5
votes

Problem was my key size was too small.

When testing the API in Azure, there is a Trace tab, but it is missing the On Error section.


You have to go to the Message tab. There is an ocp-apim-trace-location which will show the full trace.

It turns out the key size I was using was too small. It was only 24 and needs to be at least 128.
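As an added illustration (not part of the answer above), here is a small Python check that mirrors the failure the answer describes: decode the base64 value that goes into the policy's <key> element, measure it in bits, and reject HS256 keys below the 128-bit minimum the answer reports. The HS256 sign/verify helpers and the generated 256-bit key are constructed for this example; the minimum is taken from the answer, not from Azure documentation.

```python
import base64
import hashlib
import hmac
import json
import secrets

MIN_HS256_KEY_BITS = 128  # lower bound reported in the accepted answer


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    # JWT segments drop '=' padding; restore it before decoding
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def key_bits(b64_key: str) -> int:
    """Bit length of a standard-base64 key as written in APIM's <key> element."""
    return 8 * len(base64.b64decode(b64_key))


def key_is_long_enough(b64_key: str) -> bool:
    return key_bits(b64_key) >= MIN_HS256_KEY_BITS


def sign_hs256(claims: dict, key: bytes) -> str:
    """Build a compact JWS with HS256, the way jwt.io does for this header."""
    header = b64url_encode(b'{"alg":"HS256","typ":"JWT"}')
    payload = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    signing_input = f"{header}.{payload}".encode("ascii")
    sig = hmac.new(key, signing_input, hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"


def verify_hs256(token: str, key: bytes) -> bool:
    """Constant-time check of the HS256 signature; False on malformed input."""
    try:
        header, payload, sig = token.split(".")
        expected = hmac.new(key, f"{header}.{payload}".encode("ascii"), hashlib.sha256).digest()
        return hmac.compare_digest(expected, b64url_decode(sig))
    except ValueError:
        return False


if __name__ == "__main__":
    # "Zm9v" is the key from the question: base64 of "foo", only 24 bits
    print("Zm9v:", key_bits("Zm9v"), "bits, acceptable:", key_is_long_enough("Zm9v"))
    strong = base64.b64encode(secrets.token_bytes(32)).decode()  # constructed 256-bit key
    print("generated:", key_bits(strong), "bits, acceptable:", key_is_long_enough(strong))
    tok = sign_hs256({"sub": "1234567890"}, base64.b64decode(strong))
    print("round trip verifies:", verify_hs256(tok, base64.b64decode(strong)))
```

Run it as-is to see "Zm9v" rejected at 24 bits and a freshly generated 32-byte key accepted; paste the generated value into the policy's <key> element and sign the test token with the same secret (with jwt.io's "secret base64 encoded" option) to retest.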

-1
votes

The token you provided has an invalid signature. Go to jwt.io to check your token first.

The policy you provided is right. For more details, you could refer to this article.