Hello Tech Enthusiasts,
Please refer to the previous article, Part 1, to understand how we generate and upload certificates in IBM API Connect.
This article continues focusses on the generation of JWT tokens using the APIC v10 jwt-generate policy.
- Login to APIC Manager console and go to develop tab. Create new API using OpenAPI 2.0. You can use OpenAPI 3.0 as well as jwt-generate policy remains the same.
- Give the Title as ‘JWT Generation and Validation’ and base path ‘/securetoken’. Select next and create the API
- Delete the blank path and create following path with ‘get’ Operations. I’m using get here, but it may vary according to your requirement. For now, I’m keeping it simple.
- Navigate to the Gateway tab and drag the operation-switch into the assembly section.
- Construct two cases based on the operations as follows
- For generate part, drag the jwt-generate in the assembly section and fill the forms as following:
- Empty the JSON Web Token as we prefer the response to be sent tin Authorization header.
-
Issuer Claim:
request.headers.iss-claim -
Audience Claim:
request.headers.aud-claim - Reduce the validity period to
60seconds to facilitate the testing of both successful and failure scenarios easily. -
Cryptographic Algorithm:
RS256 -
Sign Crypto Object:
personal_sandbox_tlsp-jwt-keyprofileV1.0.0-key
- Click Save and Publish the API.
For simplicity, I’m only using X-IBM-Client-Id as client validation. Let’s generate JWT token now
When using Postman, consider automating the token process with JavaScript instead of copying and pasting the token manually.
Select the Request in Postman and go to Scripts tab. Add following JavaScript to the ‘post-response section’
let access_token = pm.response.headers.get("Authorization");
pm.globals.set("jwt_token", access_token);
Let’s move to now Part 3 of validation of above generated token.
Top comments (0)