I try to limit access to a REST API using a JWT token using the validate-jwt policy. Never did that before.
Here's my inbound policy (taken from the point Simple token validation here):
<validate-jwt header-name="Authorization" require-scheme="Bearer">
<issuer-signing-keys>
<key>{{jwt-signing-key}}</key>
</issuer-signing-keys>
<audiences>
<audience>CustomerNameNotDns</audience>
</audiences>
<issuers>
<issuer>MyCompanyNameNotDns</issuer>
</issuers>
</validate-jwt>
Using this generator I created a claim (I'm not sure whether I understood issuer and audience correctly):
{
"iss": "MyCompanyNameNotDns",
"iat": 1572360380,
"exp": 2361278784,
"aud": "CustomerNameNotDns",
"sub": "Auth"
}
In the section Signed JSON Web Token I picked Generate 64-bit key from the combo box. The key that was generated I put in the place of {{jwt-signing-key}}.
Now, I'm trying to call the API using Postman. I add an "Authorization" header, and as the value I put "Bearer {{ JWT created by the linked generator }}".
I get 401, JWT not present. What am I doing wrong?
Jim Xu's answer to encode the key as base64 string in the policy allowed me to get this far :-)
I set the Ocp-Apim-Trace parameter to true in order to debug it more closely. I followed the link provided in the response under ocp-apim-trace-location, and in the "on error" section I found the following message:
JWT Validation Failed: IDX10225: Lifetime validation failed. The token is missing an Expiration Time. Tokentype: 'System.IdentityModel.Tokens.Jwt.JwtSecurityToken'..
Which is funny, because I have set the Expiration Time... to 2099.
I changed it to a month from now and it worked just fine.