on 2019 Oct 11 3:37 PM
Hi all,
I am using policy "Verify JWT" and have a question about how to get JWT in HTTP request.
If I set <Source>request.header.xxx</Source> in the policy, and I set the JWT in xxx in the request header, it works.
But what if the JWT is set like "Bearer KJD2uiKJ98Hkjhh2773d", in the header Authorization?
"KJD2uiKJ98Hkjhh2773d" is my JWT but it begins with "Bearer", how can I get and verify it in this case?
Hi Ming,
Sharing a blog series on JWT token validation https://blogs.sap.com/2019/09/02/part-1-modeling-the-jwt-token-verification-flows-in-sap-cloud-platf... .
You can use the Source element of the VerifyJWT token policy to provide the source of your JWT token. If Source is not present, the VerifyJWT token policy will read the JWT token from the HTTP header named authorization, with the token passed in the format Bearer xxxxxx.
Thanks and Best Regards,
Divya
Hi, Divya, thanks for the reply, yes, I have tried and by default, policy would check authorization in header.
But what if I don't know where JWT was set in request, how can I find it in API management?
Are there some tools by which I can see the request object? I have used the debug tool but it looks like I cannot see request data there.
Hi Ming,
By default incoming request headers or payload is not logged in SAP Cloud Platform API Management. To see the incoming request headers, you would have to use a JS policy and loop through all the headers using context variable request.headers.
Thanks and Best Regards,
Divya
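The header loop described in the reply above, as an added example that is not part of the original thread or SAP's own code: it scans a header map for JWT-shaped values, strips a `Bearer ` prefix, and reports only the header name, algorithm and token length, so the token itself never reaches a log. The function names and sample headers are assumptions constructed for illustration; filling the map from `request.headers` inside a policy is not shown.

```javascript
// Added example. SAMPLE_HEADERS is constructed data; in a JS policy the map
// would be filled from the request.headers context variable instead.
const B64URL = /^[A-Za-z0-9_-]+$/;

// Remove an optional "Bearer " scheme prefix (case-insensitive).
function stripBearer(value) {
  const v = String(value).trim();
  const m = /^Bearer\s+(\S+)$/i.exec(v);
  return m ? m[1] : v;
}

// Decode the JOSE header of a compact JWS; null if the value is not JWT-shaped.
// This is a shape check only and does not verify the signature.
function joseHeader(token) {
  const parts = token.split('.');
  if (parts.length !== 3 || !parts.every((p) => B64URL.test(p))) return null;
  try {
    const b64 = parts[0].replace(/-/g, '+').replace(/_/g, '/');
    const hdr = JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
    return hdr && typeof hdr === 'object' && typeof hdr.alg === 'string' ? hdr : null;
  } catch (e) {
    return null;
  }
}

// Report which headers carry a JWT, recording metadata only (never the token).
function findJwtHeaders(headers) {
  const hits = [];
  for (const [name, value] of Object.entries(headers)) {
    const token = stripBearer(value);
    const hdr = joseHeader(token);
    if (hdr) {
      hits.push({ name, bearer: token !== String(value).trim(), alg: hdr.alg, length: token.length });
    }
  }
  return hits;
}

// Constructed sample request: one JWT in Authorization, other headers are noise.
const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const SAMPLE_JWT = [enc({ alg: 'RS256', typ: 'JWT' }), enc({ sub: 'demo' }), 'c2lnbmF0dXJl'].join('.');
const SAMPLE_HEADERS = {
  Accept: 'application/json',
  Authorization: 'Bearer ' + SAMPLE_JWT,
  'X-Request-Id': '3f2a.77b1.90cc', // three dotted segments, but not a JWT
};

console.log(findJwtHeaders(SAMPLE_HEADERS));
```

Once the carrying header is known, its name is what goes into the policy's Source element; the signature check itself stays with the Verify JWT policy.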