APIM Validate JWT Policy giving error when require-signed-tokens="false" to skip the signature validation



I am using APIM to validate JWT Tokens and this is how my policy looks .

<validate-jwt header-name="Authorization" failed-validation-httpcode="401" failed-validation-error-message="Unauthorized" require-expiration-time="true" require-scheme="Bearer" require-signed-tokens="false" />

I need to check the token expiration alone . As require-signed-tokens is set to true by default .To skip the signature validation I have set require-signed-tokens="false" It was mentioned in this blog


By using the above policy I am facing this error. It was looking for security keys when mentioned require-signed-tokens="false" .

validate-jwt (-0.122 ms) { "message": "JWT Validation Failed: IDX10500: Signature validation failed. No security keys were provided to validate the signature.." }

Please suggest a fix or a workaround for this.

Azure API Management
Azure API Management
An Azure service that provides a hybrid, multi-cloud management platform for APIs.
1,743 questions
{count} votes

1 answer

Sort by: Most helpful
  1. JananiRamesh-MSFT 20,996 Reputation points

    @Sanka, Sri Naga Sai Pravallika (Cognizant) Thanks for your patience! Required-signed-tokens = false simply removes the requirement for the incoming token to have a signature. However, if the incoming token has a signature, it will be validated, and an error is thrown if the signature is invalid. In the scenario above, it seems like the token does have a signature, so the error is expected. 

    do let me know incase of further queries, I would be happy to assist you.

    0 comments No comments