JWT API Gateway

Hi,

I have been searching for posts in the community about the JWT. I was wondering if there are tutorial documentation about JWT?

API Gateway supports protecting the API’s via JWT. There seems to be no developer tutorial posted in the community yet. But it is explained in the Doc.

Hi,

I have followed the documentation on 10-1_API_Gateway_User_Guide and 10-1_Integration_Server_Administrators_Guide. I was able to set up the issuer and the certificate mapping with the audience included I am but having the error “[YAI.0101.0018E] … Error occurred while processing the request, Error: The request cannot be authenticated”.

Looking at the logs seems not to give me more information. May I know if there are any more set-ups that is needed to be done?

Hi,
You can increase the logger level to see the reason for the failure.
Also you can manually verify few things
You can decode the token using https://jwt.io/

  1. Make sure issuer name is the same
  2. verify the token by providing the public certificate in https://jwt.io/, if the certificate is valid then you should see the “Signature verified” at the bottom.
  3. Also check the audience in the token contains the audience you have provided
1 Like

Thank you this helped me :slight_smile: