Hi,
I was wondering if anyone has any advice on using the JWT Validation Policy to validate an OAuth 2.0 access_token. I have been experiencing a problem where the JWT access_token validates and is signed correctly when checked at https://jwt.io. Unfortunately, the JWT validation policy always results in an "invalid token" error with a 401 unauthorised response.
Note that I have been able to do the following:
- Get an OpenID authorisation code.
- Use the authorisation code to request an access_token.
- Use the id_token returned as part of the access_token response to make a successful call to the API via the JWT validation.
- However, if I use the access_token returned by the token request, I receive the "invalid token" error with a 401 unauthorised response, despite the token being a valid JWT and being signed correctly.
Would anyone have any pointers? I am not enforcing client ID validation or any of the claims.
I am actually trying to investigate using the JWT validation policy to enforce access to a systems API when called from a process API.
Thank you.
Hi,
Please find below a link explaining how to use JWT and OAuth 2.0 with various identity providers.
https://www.youtube.com/playlist?list=PL5GwZHHgKcuA0UY2IMd3xUr2T_-oeUPeg
Please let me know if you are facing further issues.
Regards,
Jitendra
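
One way to narrow down the situation in the question, where the id_token is accepted but the access_token from the same token response is rejected: decode both tokens without verifying them and compare the header and claim fields a validator commonly depends on. This is an added example, not part of the original thread; the field lists, function names and sample tokens are assumptions constructed for illustration.

```python
import base64
import json

# Fields a JWT validator commonly depends on (an assumption; check your policy's settings).
HEADER_FIELDS = ("alg", "kid", "typ")
CLAIM_FIELDS = ("iss", "aud")


def _b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def decode_unverified(token):
    """Return (header, claims) WITHOUT verifying the signature; diagnostics only."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected 3 dot-separated segments")
    return _b64url_json(parts[0]), _b64url_json(parts[1])


def diff_tokens(id_token, access_token):
    """Map 'header.x' / 'claim.x' -> (id_token value, access_token value) where they differ."""
    id_hdr, id_claims = decode_unverified(id_token)
    at_hdr, at_claims = decode_unverified(access_token)
    diffs = {}
    for prefix, fields, a, b in (("header", HEADER_FIELDS, id_hdr, at_hdr),
                                 ("claim", CLAIM_FIELDS, id_claims, at_claims)):
        for name in fields:
            if a.get(name) != b.get(name):
                diffs[f"{prefix}.{name}"] = (a.get(name), b.get(name))
    return diffs


def _make(header, claims):
    """Build a constructed sample token with a dummy signature segment."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc(header)}.{enc(claims)}.c2ln"


# Constructed sample tokens (not taken from the thread).
SAMPLE_ID = _make({"alg": "RS256", "kid": "key-1"},
                  {"iss": "https://idp.example", "aud": "client-abc"})
SAMPLE_AT = _make({"alg": "RS256", "kid": "key-2"},
                  {"iss": "https://idp.example", "aud": "https://api.example"})

if __name__ == "__main__":
    for field, (id_val, at_val) in diff_tokens(SAMPLE_ID, SAMPLE_AT).items():
        print(f"{field}: id_token={id_val!r} access_token={at_val!r}")
```

Any field reported here is a place where the two tokens differ and is worth checking against the key source, issuer and audience configured in the validation policy.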