JWT - JSON Issue

Google Cloud Apigee
1

I am working in a organization where we are using apigee on-premises.

We are using JWT Java callout from iloveapis developed by Dino.

We are looking to create the JWT token which takes JSON as input and gives JSON as output when decrypted. we have managed to make changes to the CreatorCallout to accept JSON data which is creating the JWT Token, when decrypted in JWT.io is displaying payload as JSON but the Parsercallout class in the Java Callout is failing because it not accepting JSON. (Parsercallout class in java callout i.e; JAR file is throwing an Execution Failure Error.

The code was been developed only for string and JSONArray.

I am looking forward for any one to comment on this. Wanted to make sure does the Apigee accepts JSON as payload.??

2

@Sharath Bathini ,

Recently we launched support for JWT using out of the box Policies. Did you get a chance to checkout same ?

Yes, Apigee does accept JSON as payload.

Anil Sagar


5997-screen-shot-2017-11-23-at-75916-pm.png
Learn Apigee Concepts in 4 Minutes HandsOn

3

@Anil Sagar We are currently on a OPDK and cannot upgrade until next six months, please let me know if we can use a DINO’s Java callout to support JSON in the Apigee for JWT.

4

@Sharath Bathini , @Dino is in a different time zone, Wait for him to get back online. He is the most active person in the community & can able to help you with same.

In the mean time, Please do post complete error response & steps to reproduce same with some generic input data for better context.

5

Hi Sharath

Can you explain what specifically you would like to do? Maybe there’s a workaround we can arrange.

Specifically what do you want the output JWT to look like? What claims do you want in that JWT?

I don’t understand why creating a JWT works, and Verifying it does not “work”. I’d need to know more about the execution failure - specifically the stack trace etc.

6

@Dino Dino. Thanks in the first hand for responding for the question posted.

We have designed three proxies to two on JWT Mechanism. We have utilized the open source code available in the iloveapis.

We wanted to use the JSON Object in the Claims_Claims and convert from JSON to String when the JWT Token is created.

The java class “Parsercallout” is accepting only String type of JWT and NaiveArray data type of JWT.

We wanted to pass JSON object.

7

Let me look into it.

8

I appreciate it and would be looking for the comment.

9

Can you try the latest push of https://github.com/apigee/iloveapis2015-jwt-jwe-jws. ?

Use version 1.0.15 of the jar

apigee-edge-callout-jwt-signed-1.0.15.jar

Update your policies to use that version.

Configure it like this for “JSON” claims.

<JavaCallout name='JavaCallout-JWT-Create'>
  <DisplayName>JavaCallout-JWT-Create</DisplayName>
  <Properties>
    <Property name="algorithm">RS256</Property>
    <Property name="pemfile">private.pem</Property>
    <Property name="private-key-password">{private.pempassphrase}</Property>

    <!-- standard claims to embed -->
    <Property name="issuer">https://apigee.net</Property>
    <Property name="expiresIn">300</Property> <!-- in seconds -->
    <Property name="id"/>

    <!-- Property names that begin with claim_json_ are parsed as json -->
    <Property name="claim_testname">CreateJwt_WithJsonClaim</Property>
    <Property name="claim_json_account">{"allocations":[4,"seven",false],"verified":true,"id":1234}</Property>
  </Properties>
  <ClassName>com.apigee.callout.jwtsigned.JwtCreatorCallout</ClassName>
  <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.15.jar</ResourceURL>
</JavaCallout>

In short, the value of a Property with a name that starts with claim_json_ will be parsed as JSON. The pretty-printed payload of the generated JWT looks like this:

{
    "iss" : "https://apigee.net",
    "testname": "CreateJwt_WithJsonClaim",
    "exp": 1523487108,
    "iat": 1523486808,
    "account": {
        "allocations": [
            4,
            "seven",
            false
        ],
        "verified": true,
        "id": 1234
    },
    "jti": "13c23020-7ce8-4ba2-8330-d95380a5d245"
}

You can also specify a variable there, like this:

  <Property name="claim_json_thing">{variable_name_here}</Property>

If you pass something that cannot be parsed as JSON, it will throw a fault.

Let me know if this works for you.

10

if we try to pass a parsed JSON object, the java callout is treating it as “[object Object]” which is a string and if we stringify the json first, the embedded claims is in a stringified format.

Please take a look at the attached picture.

When you notice the claims data in the picture, the data when decoded. we are getting it in a stringified format…

Please let me know, if you need any further details.

Thank you Dino

1111.png22222.png