
I have an APIM API, which is associated with a Product (Product scope). When I test the API within APIM (Test tab), everything works fine.

But when I copy the same headers along with the same Authorization JWT token to Postman and test the API, I'm getting a 401 error with the error reason "Signature validation failed". I see that the kid value in the JWT is different in the two cases (testing within APIM vs. Postman).

When I remove Product for the APIM API, the request from postman works fine with the same JWT token.

Can someone please help me understand why JWT validation is failing when the Product is mapped to APIM API?

The JWT validation policy is as below. We have our own JWT token generation mechanism; those details are part of Named Values.

<policies>
    <inbound>
        <validate-jwt header-name="Authorization" failed-validation-httpcode="401" failed-validation-error-message="Invalid_AccessToken" require-expiration-time="true" require-scheme="Bearer" require-signed-tokens="true" output-token-variable-name="outToken">
            <openid-config url="{{openid-config-url}}" />
            <issuers>
                <issuer>{{issuer id}}</issuer>
            </issuers>
        </validate-jwt>
    </inbound>
</policies>
  • Do edit the question with policy statements and screenshots, which help to understand the JWT validation in Product scope. – Ecstasy Jan 20 '22 at 05:27
  • Meanwhile, you can refer to [Azure API Management: authorization with Oauth2 401 gives "Unauthorized. Access token is missing or invalid."](https://stackoverflow.com/questions/59377752/azure-api-management-authorization-with-oauth2-401-gives-unauthorized-access), [Azure API Management JWT validation fails](https://stackoverflow.com/questions/51039420/azure-api-management-jwt-validation-fails) and [Troubleshooting 4xx and 5xx Errors with Azure APIM services](https://techcommunity.microsoft.com/t5/azure-paas-blog/troubleshooting-4xx-and-5xx-errors-with-azure-apim-services/ba-p/2115752) – Ecstasy Jan 20 '22 at 05:28
  • @Madhu Do you have a policy in your Product? – Markus Meyer May 24 '22 at 06:42
  • Yes, I have a policy in my product. The issue has been resolved: the cert was renewed by the token issuer, but APIM had cached the old cert's public key. After restarting APIM it started working. – Madhu May 25 '22 at 11:05
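
The following is an added example, not code from the question or from Azure API Management itself. It models what the question observes (the kid in the token header differs from what the gateway knows) and what Madhu's closing comment identifies as the cause (the issuer rotated its signing key, and the gateway kept validating against a cached key set). A small `JwksCache` class plays the gateway: it loads the key set once from the `jwks_uri` advertised by the OpenID configuration, and signature validation fails for any token whose kid is not in that cached set until the cache is refreshed. Assumptions: HS256 with `kty: oct` keys stands in for RS256 public keys so the block runs with only the standard library, and the names `JwksCache`, `sign_hs256`, `make_jwks` and `simulate_key_rotation` and all key material are constructed for this example.

```python
import base64
import hashlib
import hmac
import json
import time


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def jwt_header(token: str) -> dict:
    """Decode only the JOSE header (first segment). This is the first thing to
    inspect when validation fails: it carries the kid the gateway must look up."""
    return json.loads(b64url_decode(token.split(".")[0]))


def sign_hs256(claims: dict, kid: str, secret: bytes) -> str:
    """Constructed issuer: HS256 stands in for RS256 so the example is stdlib-only."""
    header = {"alg": "HS256", "typ": "JWT", "kid": kid}
    compact = lambda obj: b64url_encode(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = f"{compact(header)}.{compact(claims)}"
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url_encode(sig)}"


class JwksCache:
    """Models a gateway that caches the key set from jwks_uri and refreshes only on demand."""

    def __init__(self, fetch):
        self._fetch = fetch  # callable returning the JWKS document currently published
        self._keys = {}      # kid -> key material
        self.refresh()

    def refresh(self):
        self._keys = {k["kid"]: b64url_decode(k["k"]) for k in self._fetch()["keys"]}

    def kids(self):
        return sorted(self._keys)

    def verify(self, token: str, refresh_on_unknown_kid: bool):
        kid = jwt_header(token).get("kid")
        if kid not in self._keys and refresh_on_unknown_kid:
            self.refresh()  # the fix: re-read jwks_uri when an unknown kid appears
        key = self._keys.get(kid)
        if key is None:
            return False, f"Signature validation failed: kid {kid!r} not in cached keys {self.kids()}"
        signing_input, _, sig = token.rpartition(".")
        expected = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig)):
            return False, "Signature validation failed: signature mismatch"
        claims = json.loads(b64url_decode(signing_input.split(".")[1]))
        if claims.get("exp", 0) < time.time():  # mirrors require-expiration-time="true"
            return False, "Token expired"
        return True, f"OK (kid {kid})"


# Constructed key material and JWKS documents; not real keys.
OLD_SECRET = b"old-signing-secret-0123456789abcdef"
NEW_SECRET = b"new-signing-secret-fedcba9876543210"


def make_jwks(kid: str, secret: bytes) -> dict:
    return {"keys": [{"kty": "oct", "kid": kid, "k": b64url_encode(secret)}]}


def simulate_key_rotation():
    """Issuer renews its key after two gateways have cached the old key set."""
    published = {"doc": make_jwks("key-2021", OLD_SECRET)}  # what jwks_uri serves now
    stale_gateway = JwksCache(lambda: published["doc"])
    fresh_gateway = JwksCache(lambda: published["doc"])
    # Cert renewal at the issuer: jwks_uri now advertises a new kid.
    published["doc"] = make_jwks("key-2022", NEW_SECRET)
    claims = {"sub": "client-app", "exp": int(time.time()) + 600}
    token = sign_hs256(claims, "key-2022", NEW_SECRET)
    return {
        "token_kid": jwt_header(token)["kid"],
        "stale": stale_gateway.verify(token, refresh_on_unknown_kid=False),
        "refreshed": fresh_gateway.verify(token, refresh_on_unknown_kid=True),
    }


if __name__ == "__main__":
    for name, result in simulate_key_rotation().items():
        print(f"{name}: {result}")
```

The same check against a real gateway is manual: base64url-decode the first segment of the rejected token, read its kid, and compare it with the kids listed at the `jwks_uri` given in the OpenID configuration document the policy points to. A kid present at the issuer but unknown to the gateway is the stale-cache symptom, and the remedy is to make the gateway reload the key set rather than to change the policy.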

0 Answers