May I clarify?
However. The new interface is not a text box and so the text formatting of the key removes newlines.
I understand that you are pasting the public key into the textbox in the UI… and that is when the newline-to-space conversion happens, and that’s causing the problem you reported where the same public key no longer works to verify the JWT. And this works if you use the “old UI” to paste in the public key.
Is that right?
And specifically you are using custom attributes on the app.
Does the KVM even enter into the picture? I don’t see the need for KVM in any of this.
I think the problem is that at runtime the VerifyJWT policy expects the public key to look like this:
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq5iLGOwNkhepd+pAcW83
...
bUMrRhfFzbLWkhxO23VIRUYSE3PMBFvLPfH99wSJVUkVRbhJv/rFdwRQKJlUuIWV
kQIDAQAB
-----END PUBLIC KEY-----
But, because of the “helpful” magic conversion of newlines to spaces done by the UI, you are getting this at runtime:
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq5iLGOwNkhepd+pAcW83 ... kQIDAQAB -----END PUBLIC KEY-----
This seems like a bug to me. I created a ticket to track - internal reference b/340359934.
If that is the case, you can do the requisite surgery on the PEM string using AssignMessage, to reform the public key into something the policy can use. Like this:
<AssignMessage name='AM-Reform-Key'>
  <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
  <AssignVariable>
    <Name>whitespace_pattern</Name>
    <Value>\s+</Value>
  </AssignVariable>
  <AssignVariable>
    <Name>pem_header</Name>
    <Value>-----BEGIN PUBLIC KEY-----</Value>
  </AssignVariable>
  <AssignVariable>
    <Name>pem_footer</Name>
    <Value>-----END PUBLIC KEY-----</Value>
  </AssignVariable>
  <AssignVariable>
    <Name>empty_string</Name>
    <Value></Value>
  </AssignVariable>
  <AssignVariable>
    <Name>newline</Name>
    <Value>
</Value>
  </AssignVariable>
  <!-- get the mangled PEM key with spaces in place of newlines -->
  <AssignVariable>
    <Name>tmp</Name>
    <Ref>verifyapikey.VerifyAPIKey-1.rsa-public-key</Ref>
  </AssignVariable>
  <!-- remove PEM header and footer -->
  <AssignVariable>
    <Name>tmp</Name>
    <Template>{replaceAll(tmp,pem_header,empty_string)}</Template>
  </AssignVariable>
  <AssignVariable>
    <Name>tmp</Name>
    <Template>{replaceAll(tmp,pem_footer,empty_string)}</Template>
  </AssignVariable>
  <!-- replace all remaining whitespace with newline -->
  <AssignVariable>
    <Name>tmp</Name>
    <Template>{replaceAll(tmp,whitespace_pattern,newline)}</Template>
  </AssignVariable>
  <!-- re-apply header and footer -->
  <AssignVariable>
    <Name>reformed-publickey</Name>
    <Template>{pem_header}
{tmp}
{pem_footer}
</Template>
  </AssignVariable>
</AssignMessage>
The result in reformed-publickey is of the desired form.
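The same repair as the AssignMessage policy above, written as a standalone JavaScript function so the result can be checked offline; this is an added example, not code from the original post. It goes slightly further than the policy by validating the base64 body and re-wrapping it at 64 characters; the function names and the sample body (constructed bytes, not a real key) are assumptions.

```javascript
// Added example: rebuild a PEM block whose newlines were turned into spaces.
const PEM_RE = /^\s*-----BEGIN ([A-Z0-9 ]+)-----([\s\S]*?)-----END ([A-Z0-9 ]+)-----\s*$/;

function reformPem(flattened) {
  const m = PEM_RE.exec(flattened);
  if (!m) throw new Error('no PEM header/footer found');
  const [, beginLabel, rawBody, endLabel] = m;
  if (beginLabel !== endLabel) throw new Error('BEGIN/END labels differ');

  // Drop every space, tab, CR and LF: base64 itself never contains whitespace.
  const body = rawBody.replace(/\s+/g, '');
  if (body.length === 0 || body.length % 4 !== 0 || !/^[A-Za-z0-9+/]+={0,2}$/.test(body)) {
    throw new Error('body is not well-formed base64');
  }
  // A SubjectPublicKeyInfo is a DER SEQUENCE, so its first byte is 0x30.
  if (beginLabel === 'PUBLIC KEY' && Buffer.from(body, 'base64')[0] !== 0x30) {
    throw new Error('body does not decode to a DER SEQUENCE');
  }
  // Re-wrap at 64 characters per line, the conventional PEM line length.
  const lines = body.match(/.{1,64}/g);
  return [`-----BEGIN ${beginLabel}-----`, ...lines, `-----END ${endLabel}-----`, ''].join('\n');
}

// Constructed sample: 100 arbitrary bytes starting with 0x30, NOT a real key.
function samplePem() {
  const der = Buffer.from(Array.from({ length: 100 }, (_, i) => (i === 0 ? 0x30 : i)));
  const b64 = der.toString('base64').match(/.{1,64}/g).join('\n');
  return `-----BEGIN PUBLIC KEY-----\n${b64}\n-----END PUBLIC KEY-----\n`;
}

// What the UI stores: every newline replaced by a single space.
function flatten(pem) {
  return pem.trim().replace(/\n/g, ' ');
}

// The reformed text is byte-for-byte the PEM that was originally pasted.
console.log(reformPem(flatten(samplePem())) === samplePem());
```

Running the reformed output through a check like this before handing it to VerifyJWT separates a formatting problem from a genuinely wrong key.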