Verify JWT failed when using JWKS

pimonnat · January 16, 2025, 6:39am

I have generated a signed JWT RSA256 and then try to verify it.

When I verify with a public key that config in KVM, it working fine

<Algorithm>RS256</Algorithm>
<Source>jwt</Source>
<PublicKey>
	<Value ref="public.key"/>
</PublicKey>

But when I verify with JWKS, I got an error “Could not find a matching Public Key”

<Algorithm>RS256</Algorithm>
<Source>jwt</Source>
<PublicKey>
	<JWKS ref="json-jwks"/>
</PublicKey>

the json-jwks is variable that I set in javascript

var jwks = {
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "kid": "123456789",
      "alg": "RS256",
      "n": "iq.."
    }
  ]
};

context.setVariable("json-jwks", JSON.stringify(jwks));

I’m not sure where the error occurred.

Because the value of jwks is generated from PUBLIC KEY (which is same as public.key).

dchiesa1 · January 16, 2025, 7:06pm

When you use a JWKS as a key source, the JWT that you hope to verify must have a JWT header that has a kid field that refers to a key in the JWKS.

Do you have that?

The kid in your JWKS is

123456789

Does your JWT have that as the value for kid in the header?

If you do not have that, then you will see the error, “Could not find a matching Public Key”.

Topic		Replies	Views
Could not find a matching Public Key: policy(verifyJWT) -Error Apigee api-runtime	9	170	June 12, 2023
Verify jwt using jwks Apigee apigee-x	4	126	February 1, 2023
Encrypting JWT using JWKS Apigee api-runtime	2	23	August 15, 2020

Verify JWT failed when using JWKS

AI Suggested topics