JWT Implementation

Question asked by Pramod.Talekar on Jan 8, 2019
I need to implement JWT, I think the flow should be like this:

-- when a user logs in successfully ==> CA proxy will generate an ID token, encode/encrypt (?) it, and send it back to the user as a response header.


Below are a few queries:

1. I am using Gateway version 9.4. The policy manager has an assertion 'Generate ID token' with the description 'Generate an ID token with JSON message'. I also see 'Generate and Validate an ID token' in CA API Management OAuth Toolkit 4.2. Which one should be used, and what is the difference?


2. If, while processing the first request, an ID token is created, encoded and sent back to the user, then what is the flow for decoding the token?


3. When/why should a JSON Web Key be used?


Thanks a lot.
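As an added illustration of the flow asked about in points 2 and 3 (example code, not from the poster or from CA's Gateway/OAuth Toolkit): the proxy mints an HS256 ID token at login, and on a later request validates it by looking up the signing key in a JWK set by the token's `kid`. The issuer name, key id and secret are constructed for the demo.

```python
import base64, hashlib, hmac, json, time
from typing import Optional

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

# Constructed key set in JWK format (RFC 7517). "oct" is a symmetric key; the
# "kid" lets the validator pick the right key when keys are rotated.
JWKS = {"keys": [{"kty": "oct", "kid": "login-key-1", "alg": "HS256",
                  "k": b64url(b"constructed-demo-secret-do-not-reuse-0001")}]}
ISSUER = "ca-gateway-demo"  # constructed issuer name

def mint_id_token(subject: str, kid: str, ttl: int = 300, now: Optional[int] = None) -> str:
    """Login succeeded: build header.payload.signature and return it for the response header."""
    now = int(time.time()) if now is None else now
    key = next(k for k in JWKS["keys"] if k["kid"] == kid)
    header = {"alg": "HS256", "typ": "JWT", "kid": kid}
    payload = {"iss": ISSUER, "sub": subject, "iat": now, "exp": now + ttl}
    signing_input = (b64url(json.dumps(header, separators=(",", ":")).encode()) + "." +
                     b64url(json.dumps(payload, separators=(",", ":")).encode()))
    sig = hmac.new(b64url_decode(key["k"]), signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)

def validate_id_token(token: str, now: Optional[int] = None) -> dict:
    """Later request: check structure, pinned alg, key by kid, signature, then claims."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h, p, s = parts
    header = json.loads(b64url_decode(h))
    if header.get("alg") != "HS256":          # never let the token choose the algorithm
        raise ValueError("unexpected alg")
    key = next((k for k in JWKS["keys"] if k["kid"] == header.get("kid")), None)
    if key is None:
        raise ValueError("unknown kid")
    expected = hmac.new(b64url_decode(key["k"]), f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s)):
        raise ValueError("bad signature")
    payload = json.loads(b64url_decode(p))    # claims are trusted only after the signature check
    if payload.get("iss") != ISSUER or payload.get("exp", 0) <= now:
        raise ValueError("expired or wrong issuer")
    return payload
```

With an asymmetric algorithm (RS256/ES256) the same `kid` lookup works against a published JWK set holding only public keys, which is the usual reason to expose JWKs to token consumers.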