Layer7 API Management

  • 1.  jot validation

    Posted Sep 20, 2018 11:26 PM

    Hi There,

    We wanted to validate the signature of a JWT token against the key set below (rotation). I am wondering what this "n" value is.

    In general the JWT would be signed with a private key and validated with a public key, but how would I convert the "n" from the key set below into a public key and verify the signature of the JWT token?

    {
      "keys": [
      {
        "kty": "RSA",
        "alg": "RS256",
        "use": "sig",
        "kid": "3405d0ec4edf60539acf73be64604d49a097189a",
        "n": "vBNfb9rmZLTwVpjoeT9lsLvzwl5rAVWGius9n2AFdibXlTaA_o...",
        "e": "AQAB"
      },
      {
        "kty": "RSA",
        "alg": "RS256",
        "use": "sig",
        "kid": "ac7ebbdff9e77669785f4c530fe2d4a6408bc98d",
        "n": "1L2jYqXcdvdxtY10zT3PTZyTxG_gIScRcSheHYsuRMfdsh40x...",
        "e": "AQAB"
      },
      {
        "kty": "RSA",
        "alg": "RS256",
        "use": "sig",
        "kid": "1838c3d30929ad5f8a84b124538d467dc612cd4f",
        "n": "sblvLT44RjceIc7_sxgOfKmy3Ddm81n4qtjzlFO-VZtampq...",
        "e": "AQAB"
      },
      {
        "kty": "RSA",
        "alg": "RS256",
        "use": "sig",
        "kid": "978ca4118bf1883b316bbca6ce9044d9977f2027",
        "n": "qpe-lPi7HVP8_SRqodC19iWDcYJ-5-wZbBxxxgszoPbphgN8...",
        "e": "AQAB"
      }
      ]
    }
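    As an added example that is not part of the original post or of the CA/Layer7 gateway's own code: what the "n" and "e" members are, and how a verifier turns them into an RS256 signature check, in plain Python with only the standard library. Nothing is converted to PEM: the modulus n and exponent e ("AQAB" is 65537) are the public key, and the verifier selects the key by the kid in the token header, pins the algorithm to RS256, recovers the encoded block with s^e mod n and compares it to the PKCS#1 v1.5 encoding of SHA-256(header.payload). The key generator and signer at the bottom are a hypothetical test fixture (a constructed key id "demo-kid-1", not a vendor key) so the block runs offline; they are not production code.

```python
import base64
import hashlib
import hmac
import json
import random

def b64url_decode(s):
    """base64url without padding (RFC 7515 section 2)."""
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode("ascii")

def jwk_to_public_key(jwk):
    """The RSA public key is just (n, e): base64url big-endian unsigned integers (RFC 7518 6.3.1).
    "AQAB" decodes to 0x010001 = 65537. No PEM or certificate is involved."""
    if jwk.get("kty") != "RSA":
        raise ValueError("not an RSA JWK")
    n = int.from_bytes(b64url_decode(jwk["n"]), "big")
    e = int.from_bytes(b64url_decode(jwk["e"]), "big")
    return n, e

# DER-encoded DigestInfo prefix for SHA-256 (RFC 8017 section 9.2, note 1).
SHA256_DIGEST_INFO = bytes.fromhex("3031300d060960864801650304020105000420")

def emsa_pkcs1_v1_5(message, k):
    """EMSA-PKCS1-v1_5 encoding of SHA-256(message); k is the modulus length in bytes."""
    t = SHA256_DIGEST_INFO + hashlib.sha256(message).digest()
    if k < len(t) + 11:
        raise ValueError("modulus too short for RS256")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def verify_rs256(token, jwks):
    """Return the payload if token is RS256-signed by the JWKS key whose kid matches; else raise."""
    h_b64, p_b64, s_b64 = token.split(".")  # ValueError on anything but three segments
    header = json.loads(b64url_decode(h_b64))
    # The verifier pins the algorithm; the token must not choose it (alg=none, HS256 confusion).
    if header.get("alg") != "RS256":
        raise ValueError("unexpected alg %r" % header.get("alg"))
    kid = header.get("kid")
    matches = [k for k in jwks["keys"] if k.get("kid") == kid and k.get("use", "sig") == "sig"]
    if len(matches) != 1:
        raise ValueError("no unique signing key for kid %r" % kid)
    n, e = jwk_to_public_key(matches[0])
    k = (n.bit_length() + 7) // 8
    sig = b64url_decode(s_b64)
    if len(sig) != k:
        raise ValueError("signature length does not match modulus")
    # RSAVP1: m = s^e mod n, then compare the whole encoded block, not just the hash bytes.
    m = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
    expected = emsa_pkcs1_v1_5((h_b64 + "." + p_b64).encode("ascii"), k)
    if not hmac.compare_digest(m, expected):
        raise ValueError("signature verification failed")
    return json.loads(b64url_decode(p_b64))

# --- Test fixture only (hypothetical key): a toy RSA key generator and signer so the block
# --- runs offline. Use a real crypto library or an HSM for key generation and signing.
def _is_probable_prime(n, rounds=16):
    if any(n % p == 0 for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)):
        return False  # fine for 512-bit candidates; a small prime itself never gets here
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):  # Miller-Rabin
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _gen_prime(bits):
    while True:
        c = random.getrandbits(bits) | (1 << (bits - 1)) | 1  # force top bit and oddness
        if _is_probable_prime(c):
            return c

def make_demo_key(kid, bits=1024):
    """Return (public JWK as a provider would publish it, private (n, d))."""
    e = 65537
    while True:
        p, q = _gen_prime(bits // 2), _gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:  # e is prime, so this guarantees gcd(e, phi) == 1
            break
    n, d = p * q, pow(e, -1, phi)
    jwk = {"kty": "RSA", "alg": "RS256", "use": "sig", "kid": kid,
           "n": b64url_encode(n.to_bytes((n.bit_length() + 7) // 8, "big")),
           "e": b64url_encode(e.to_bytes(3, "big"))}
    return jwk, (n, d)

def sign_rs256(payload, kid, priv):
    n, d = priv
    k = (n.bit_length() + 7) // 8
    h = b64url_encode(json.dumps({"alg": "RS256", "typ": "JWT", "kid": kid}).encode())
    p = b64url_encode(json.dumps(payload).encode())
    m = int.from_bytes(emsa_pkcs1_v1_5((h + "." + p).encode("ascii"), k), "big")
    return h + "." + p + "." + b64url_encode(pow(m, d, n).to_bytes(k, "big"))
```

    A call such as verify_rs256(sign_rs256({"sub": "alice"}, "demo-kid-1", priv), {"keys": [jwk]}) returns the claims; a tampered payload, an alg of "none", or a kid absent from the key set raises. A gateway assertion that "uses the JWKS automatically" is doing exactly this kid lookup and RSAVP1 comparison internally; the point of pinning alg on the verifier side is that the key set, not the token, decides how it is checked.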



  • 2.  Re: jot validation

    Broadcom Employee
    Posted Sep 23, 2018 08:58 PM

    Hello,

    As per RFC7517

    https://tools.ietf.org/html/rfc7517#section-9.3

    The "n" should be the RSA modulus.

    I would guess you're using an Azure JWT token.

    I don't think you need to manually convert anything. The Decode JSON Web Token assertion can use the JWKS automatically. (We have a few successful cases of validating Azure JWTs.)

    Regards,

    Mark



  • 3.  Re: jot validation

    Posted Oct 08, 2018 05:01 PM

    Mark, we are not using Azure; we are using another IAM vendor, which I can't disclose. Basically I have to verify the signature of the JWT token. Essentially we get a kid in the JWT and have to match it against the corresponding kid in the keys I captured in the first message. I will make a call to the vendor to retrieve these keys, which change dynamically every month. Not sure how to perform it. I was thinking that first I will make a call to the vendor, put the keys in the cache, compare the kid against the keys, extract whichever key matches, and verify the signature. Is this mechanism supported by API Gateway 9.1?



  • 4.  Re: jot validation

    Broadcom Employee
    Posted Oct 08, 2018 09:20 PM

    I am not sure about the other vendor, but Azure changes the key set periodically as well. Azure provides a public URL to retrieve the current key set.

    In my case, we use the key set in the cache to validate the JWT first; if that fails, we use the Route via HTTP assertion to retrieve the current key set and store it in the cache, then validate the JWT again. If it still fails, the JWT is invalid.

    For your IAM vendor, it should be similar.
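    The cache-first, refetch-on-failure sequence described in the reply above, as an added example that is not the gateway's policy or any vendor's code. The JWKS fetcher, the clock and the signature check are constructed stand-ins for the Route via HTTP call to the provider's JWKS URL, the wall clock and the Decode JSON Web Token assertion (the "signature" is a string comparison so the example stays independent of the crypto). The refetch throttle (min_refresh_interval) goes beyond the reply: without it, a request carrying an unknown or forged kid forces a fetch from the provider on every call.

```python
import time

class JwksCache:
    def __init__(self, fetch_jwks, max_age, min_refresh_interval=300, now=time.time):
        self._fetch = fetch_jwks                  # callable returning the provider's {"keys": [...]}
        self._max_age = max_age                   # like the gateway's "max acceptable age", in seconds
        self._min_refresh = min_refresh_interval  # an attacker-chosen kid must not mean a fetch per request
        self._now = now
        self._keys, self._fetched_at, self.fetch_count = {}, None, 0

    def _refresh(self):
        keys = self._fetch().get("keys", [])
        self._keys = {k["kid"]: k for k in keys if "kid" in k and k.get("use", "sig") == "sig"}
        self._fetched_at = self._now()
        self.fetch_count += 1

    def _stale(self):
        return self._fetched_at is None or self._now() - self._fetched_at > self._max_age

    def _may_refresh(self):
        return self._fetched_at is None or self._now() - self._fetched_at >= self._min_refresh

    def verify(self, kid, verify_with):
        """verify_with(jwk) -> bool. Try the cached set; on failure refetch once (unless
        throttled) and try again; if that fails too, the token is invalid."""
        if self._stale():
            self._refresh()
        key = self._keys.get(kid)
        if key is not None and verify_with(key):
            return True
        if not self._may_refresh():
            return False
        self._refresh()
        key = self._keys.get(kid)
        return key is not None and verify_with(key)

# --- Constructed simulation of a provider that rotates keys, and a stand-in signature check.
class RotatingProvider:
    def __init__(self):
        self.generation = 0  # bump to simulate a rotation: the set becomes kid-g, kid-(g+1)

    def jwks(self):
        g = self.generation
        return {"keys": [{"kty": "RSA", "use": "sig", "kid": "kid-%d" % i, "n": "modulus-%d" % i}
                         for i in (g, g + 1)]}

def fake_token(kid, modulus_n):
    """Stand-in for a signed JWT: 'verifying' means the token was produced with this key's n."""
    return {"kid": kid, "sig": "signed-with-" + modulus_n}

def check_token(token, cache):
    return cache.verify(token["kid"], lambda jwk: token["sig"] == "signed-with-" + jwk["n"])
```

    With a fake clock, a token for kid-0 fills the cache on first use; a token with an unknown kid sent seconds later is rejected without a second fetch; after the provider rotates and the throttle window passes, a token for the new kid misses the cache, triggers one refetch and verifies; and once the cached set is older than max_age it is refreshed before any lookup, which is what a "max acceptable age" of two months buys on top of the refetch-on-failure path.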



  • 5.  Re: jot validation

    Posted Oct 17, 2018 06:53 AM

    We are using something similar to Google key rotation. The key rotation is done approximately 4 times a year, so could you let me know the recommendation for how long I should set the max acceptable age? Can I have something like 2 months (in seconds)? Please advise.



  • 6.  Re: jot validation

    Broadcom Employee
    Posted Oct 17, 2018 06:47 PM

    Yes, it should be fine.

    As our policy logic will update the cache if the first try fails, you can set it as long as you wish.

    Although the "max acceptable age" has a limit, the limit should be 100,000,000 seconds, much longer than 2 months.



  • 7.  Re: jot validation

    Posted Oct 23, 2018 06:47 AM

    Hi there, I am unable to have a variable inside the Key ID field, which throws an exception. What I mean is that I am looping with the For Each run assertion with an iteration number, since there are a few key sets received from Google. Please advise.



  • 8.  Re: jot validation

    Posted Oct 24, 2018 02:00 AM

    There is an assertion that can be used to retrieve the variable at a certain position of a multi-valued variable:

    Look Up Item by Index Position Assertion

    Look Up Item by Index Position Assertion - CA API Gateway - 9.3 - CA Technologies Documentation

    Put that before the 'Decode JSON Web Token' assertion to retrieve the key ID, and then use the resulting variable in the Key ID field.

    I hope that helps.



  • 9.  Re: jot validation

    Posted Oct 31, 2018 08:21 AM

    Thanks for the reply. I am just wondering: in the Google key set we received, the keys are quite different, which means they don't look like public keys; in fact the Decode JWT assertion validates the signature of the message with the Google keys.

    Generally public keys start with BEGIN and END CERTIFICATE lines. I presume Google uses RSA (asymmetric), but their 'n' value of the cert doesn't look like a public cert. Please comment on it.



  • 10.  Re: jot validation

    Posted Nov 02, 2018 01:24 PM

    Did you run into any errors after using that in the Key ID field? If so, what was the error or behaviour observed?