Therefore, you mean to say the validate-jwt token is not able to determine the kid value?
My scenario:

1. I have an Azure Key Vault and created a key in it. For example, let's say the key name is demoKey and its id is 714c28b0a8a547d997940eaa54d972f2.
2. I have generated a JWT token by signing it with the private key of the Azure Key Vault key demoKey created in step 1.
   JWT token: eyJhbGciOiAiUlMyNTYiLCJ0eXAiOiAiSldUIiwia2lkIjoiNzE0YzI4YjBhOGE1NDdkOTk3OTQwZWFhNTRkOTcyZjIifQ.eyJhdWQiOiAiMTgwMjIwMjAiLCAgInN1YiI6ICJ1c2VyLTAwMC0wMDAtMDAxIn0.BGYsegSRl2RVXEYiqbeO5ewijEDRRfRnzoWpXw9_3VFmkojM2co_-NI726Y5YZv4SomaaEe-Ul9jApQcQfvfc3Ib9jsFebZgkmzf4FS8OdWJ0Y_quRugsyHsTnc3poFFzTlwDEzlEpDCzJwk06ogXyAKxRh1Ke73aAkwQVGzgUWkF4I6KYjFOydPSlONKyKglOqgepYZjXOGnQY_AXBwNOmnNSzKzrT49aBQ6TztPlcJddzSSYNX5DsTX9NuS5jrrvj0N6sKycovoUdoFseO1tsrPF-4OSpzm1IK66LR4I8UxLlM6S9a8DHh2sW2D51gPTusrnAtZ_rVxTZvwExeRw
3. Now I pass the JWT token in the request and want to validate it with the public key of the Azure Key Vault key demoKey created in step 1.
4. I am getting the public key by calling the Azure Key Vault demoKey URL. Below is the response I get when I call the URL:
   {
     "key": {
       "kid": "https://azure-host-name/keys/demoKey/714c28b0a8a547d997940eaa54d972f2",
       "kty": "RSA",
       "key_ops": [
         "sign",
         "verify",
         "wrapKey",
         "unwrapKey",
         "encrypt",
         "decrypt"
       ],
       "n": "uCbTYEqdDzGPTspx-daXLuSPQYpgwhp98g9_CYidchyVv-UhKXpnqEUo16KEjFLAtIGoO-zP0O_USURR5E_XroccIA1ZE7ERLz87v32bZJk_ljtAAwNlAiXHrXXNFOZ6E1QsZY2LiBBAC5aKOVUL6iY2QC-FxocuIHrgcplPltRqwcyF9ftRUuA5rKiXJp1M8EJUg0i_6tUdcRQ9TxLZJ_7tCqgvKQXzS-0SRcuX6l3T8_-_DR-CNEM6v_EOjLNoTpZPgYM1qlIsnlICX812ADToQgqmPp5At810ACei2EtNgzNH0kDgNjaV8nX93MGo7Tjdnks_SJtqAyC8aylpww",
       "e": "AQAB"
     },
     "attributes": {
       "enabled": true,
       "created": 1583915663,
       "updated": 1583915663,
       "recoveryLevel": "Purgeable"
     }
   }
5. This is how I am using the JWT validation policy:
   <validate-jwt token-value="@{return (string)context.Variables["id_token"];}" failed-validation-httpcode="401" failed-validation-error-message="Failed Validation" output-token-variable-name="VerifyPlatformJWT">
     <issuer-signing-keys>
       <key>@{
         // This is the public key that I am using, which I got from step 4 (n)
         var publicKey = "{{signing-key}}";
         string padded = publicKey.Length % 4 == 0
           ? publicKey : publicKey + "====".Substring(publicKey.Length % 4);
         string base64 = padded.Replace("_", "/")
           .Replace("-", "+");
         return Convert.ToBase64String(Convert.FromBase64String(base64));
       }</key>
     </issuer-signing-keys>
   </validate-jwt>
Am I doing anything wrong?
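As an added illustration (this is not the poster's code, and not what API Management's validate-jwt policy does internally), the script below does by hand what any verifier has to do with the Key Vault response in step 4: read the kid from the token header and match it against the version id that ends the Key Vault kid URL, rebuild the RSA public key from both n and e (the modulus string alone is not a key), and check the RS256 signature as RSASSA-PKCS1-v1_5 with SHA-256. It uses only the Python standard library so the whole flow is visible; the JWT and JWK literals are copied from the post, including the placeholder host name. Note that the policy's `<key>` element expects a base64-encoded symmetric secret for HMAC algorithms; an RSA key has to be supplied through a certificate (`certificate-id`) or discovered from an `<openid-config>` JWKS endpoint.

```python
"""Hand-rolled RS256 verification against a Key Vault JWK (n, e).

Added example, not part of the original post. Standard library only.
"""
import base64
import hashlib
import json

# Constructed input: the token and the "key" object from the post, verbatim.
JWT = (
    "eyJhbGciOiAiUlMyNTYiLCJ0eXAiOiAiSldUIiwia2lkIjoiNzE0YzI4YjBhOGE1NDdkOTk3OTQwZWFhNTRkOTcyZjIifQ."
    "eyJhdWQiOiAiMTgwMjIwMjAiLCAgInN1YiI6ICJ1c2VyLTAwMC0wMDAtMDAxIn0."
    "BGYsegSRl2RVXEYiqbeO5ewijEDRRfRnzoWpXw9_3VFmkojM2co_-NI726Y5YZv4SomaaEe-Ul9jApQcQfvfc3Ib9jsFebZgkmzf4FS8OdWJ0Y_quRugsyHsTnc3poFFzTlwDEzlEpDCzJwk06ogXyAKxRh1Ke73aAkwQVGzgUWkF4I6KYjFOydPSlONKyKglOqgepYZjXOGnQY_AXBwNOmnNSzKzrT49aBQ6TztPlcJddzSSYNX5DsTX9NuS5jrrvj0N6sKycovoUdoFseO1tsrPF-4OSpzm1IK66LR4I8UxLlM6S9a8DHh2sW2D51gPTusrnAtZ_rVxTZvwExeRw"
)
JWK = {
    "kid": "https://azure-host-name/keys/demoKey/714c28b0a8a547d997940eaa54d972f2",
    "kty": "RSA",
    "n": "uCbTYEqdDzGPTspx-daXLuSPQYpgwhp98g9_CYidchyVv-UhKXpnqEUo16KEjFLAtIGoO-zP0O_USURR5E_XroccIA1ZE7ERLz87v32bZJk_ljtAAwNlAiXHrXXNFOZ6E1QsZY2LiBBAC5aKOVUL6iY2QC-FxocuIHrgcplPltRqwcyF9ftRUuA5rKiXJp1M8EJUg0i_6tUdcRQ9TxLZJ_7tCqgvKQXzS-0SRcuX6l3T8_-_DR-CNEM6v_EOjLNoTpZPgYM1qlIsnlICX812ADToQgqmPp5At810ACei2EtNgzNH0kDgNjaV8nX93MGo7Tjdnks_SJtqAyC8aylpww",
    "e": "AQAB",
}

# DER prefix of DigestInfo for SHA-256 (RFC 8017, section 9.2, note 1).
SHA256_DIGESTINFO_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def b64url_decode(s: str) -> bytes:
    """Unpadded base64url -> bytes; the same padding fix-up the policy expression does."""
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def b64url_encode(b: bytes) -> str:
    """bytes -> unpadded base64url, as used for JWT segments."""
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode("ascii")


def split_jwt(token: str):
    """Return (header, payload, raw signature, bytes that were signed)."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    payload = json.loads(b64url_decode(payload_b64))
    signature = b64url_decode(sig_b64)
    signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
    return header, payload, signature, signing_input


def kid_matches(jwt_kid: str, jwk_kid: str) -> bool:
    """Key Vault's kid is the full key-version URL while the token carries only
    the version id, so compare against the last path segment of the URL."""
    return jwk_kid.rstrip("/").rsplit("/", 1)[-1] == jwt_kid


def jwk_to_rsa(jwk: dict):
    """Rebuild the RSA public key (n, e) from the base64url JWK members."""
    n = int.from_bytes(b64url_decode(jwk["n"]), "big")
    e = int.from_bytes(b64url_decode(jwk["e"]), "big")
    return n, e


def verify_rs256(token: str, jwk: dict) -> bool:
    """RSASSA-PKCS1-v1_5 / SHA-256 check of a JWT against a single JWK."""
    header, _payload, signature, signing_input = split_jwt(token)
    if header.get("alg") != "RS256":          # never let the token pick the algorithm
        return False
    if not kid_matches(header.get("kid", ""), jwk["kid"]):
        return False
    n, e = jwk_to_rsa(jwk)
    k = (n.bit_length() + 7) // 8             # modulus length in bytes
    if len(signature) != k:
        return False
    s = int.from_bytes(signature, "big")
    if s >= n:
        return False
    em = pow(s, e, n).to_bytes(k, "big")      # raw RSA verification primitive
    # EMSA-PKCS1-v1_5 encoding: 0x00 0x01 FF..FF 0x00 DigestInfo(SHA-256(input))
    t = SHA256_DIGESTINFO_PREFIX + hashlib.sha256(signing_input).digest()
    expected = b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t
    return em == expected                     # public inputs only, timing is not a concern


if __name__ == "__main__":
    hdr, claims, _, _ = split_jwt(JWT)
    print("header:", hdr)
    print("claims:", claims)
    print("kid matches JWK version:", kid_matches(hdr["kid"], JWK["kid"]))
    print("signature valid:", verify_rs256(JWT, JWK))
```

Whether the last line prints True for the token above depends on whether the posted JWK really is the key version that produced the signature; what the script guarantees is that a token whose payload has been altered, or whose kid names a different key version, is rejected before or after the RSA check.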