Tutorial: Validate a JSON Web Token (JWT)
This tutorial shows you how to define and implement a REST API definition that validates a JSON Web Token (JWT).
About this tutorial
In this tutorial, you complete the following lessons:
Note: The Sandbox catalog must be configured to use either a DataPower® Gateway (v5 compatible) or a DataPower API Gateway or both. See Creating and configuring catalogs.
Before You Begin
Complete the following steps before you start:
- Complete the Tutorial: Generate a JSON Web Token (JWT) tutorial. This tutorial generates a JSON Web Token that can be validated by this tutorial. You need this JWT to test this validation API.
Validate a JWT
Create a REST API to validate a JSON Web Token (JWT).
To add and define this REST API, complete the following steps:
- Log in to API Manager.
- In the Welcome page, click the Develop APIs and Products tile.
- Click .
- Ensure that OpenAPI 3.0 is selected.
- Select New OpenAPI. Click Next.
- Enter the appropriate information to create a REST API definition.
- Click Next.
- Change nothing on the Secure screen. Click Next.
- You see the progress as the new API gets created. When it is done, you see a Summary. Click Edit API.
- In the side bar of the Design page, select Paths to display the Paths panel.
- Click Add.
- In the path name field, enter /val.
- Click Create.
- Scroll down. In the Parameters section, click Add.
- Enter Authorization in the Parameter name field.
- Select header in the Located In field.
- Enter Enter Bearer <jwt> to match in the Description field.
- Select Required.
- Click Create.
- Scroll down. In the Schema section, click Create.
- Select string in the Type field.
- Click Create.
- After you create the parameter, click Save.
- Click Components > Responses.
- Click Add.
- The Response name field auto-populates with 200.
- Enter 200 OK in the Description field.
- After you create the response, click Save.
- Click Gateway.
- Hover the mouse over the existing Proxy or start action and click the trash can icon to delete it.
- Drag the Set Variable action onto the processing flow line. A configuration panel automatically opens.
- Click Add action.
- Enter hs256-key in the Set field.
- Select string in the Type field.
- Enter a JWK in the Value field. The following is an example:
  {
    "alg": "HS256",
    "kty": "oct",
    "use": "sig",
    "k": "o5yErLaE-dbgVpSw65Rq57OA9dHyaF66Q_Et5azPa-XUjbyP0w9iRWhR4kru09aFfQLXeIODIN4uhjElYKXt8n76jt0Pjkd2pqk4t9abRF6tnL19GV4pflfL6uvVKkP4weOh39tqHt4TmkBgF2P-gFhgssZpjwq6l82fz3dUhQ2nkzoLA_CnyDGLZLd7SZ1yv73uzfE2Ot813zmig8KTMEMWVcWSDvy61F06vs_6LURcq_IEEevUiubBxG5S2akNnWigfpbhWYjMI5M22FOCpdcDBt4L7K1-yHt95Siz0QUb0MNlT_X8F76wH7_A37GpKKJGqeaiNWmHkgWdE8QWDQ",
    "kid": "hs256-key"
  }
- Close the property panel. Click Save.
- Drag the Validate JWT action onto the processing flow line after the set-variable icon. A configuration panel automatically opens.
- Enter hs256-key in the Verify Crypto JWK variable name field.
- Close the property panel. Click Save.
- Drag the GatewayScript action onto the processing flow line after the Validate JWT icon. A configuration panel automatically opens.
- Enter the following code:
  var apim = require('apim');
  apim.setvariable('message.body', apim.getvariable('decoded.claims'));
- Close the property panel. Click Save.
- Ensure that the Show catches option is enabled so that the catch area is displayed.
- Click Catches. A property panel opens.
- Click Add default catch.
- Drag the GatewayScript policy action onto the catch flow line.
- Enter the following code:
  var apim = require('apim');
  apim.setvariable('message.body', apim.getvariable('jwt-validate.error-message'));
- Close the property panel. Click Save.
Testing the REST API
Note: Due to Cross-Origin Resource Sharing (CORS) restrictions, the assembly test tool cannot be used with the Chrome or Safari browsers on the macOS Catalina platform.
To test the REST API, you need a valid JWT. You can obtain such a JWT by starting the API created in the Tutorial: Generate a JSON Web Token (JWT). To test the REST API, complete the following steps:
Manage your API definition
Now that your new API works correctly, you can manage this API. To see your immediate options, take the following steps.
What you did in this tutorial
In this tutorial, you completed the following activities:
- Created a new API definition that validates a JSON Web Token (JWT).
- Tested the new API.