Hello ,

I m trying to verify JWT token in gateway script and getting below JWS HMAC validation error.

Error : JWS HMAC Validation Failed

Signed Algorithm : HS256

Symmetric Key in Test_SharedSecretKey object : 0x3524047261128357EA5CD189C2FB01F9706DA93937A02D299ABF4F28B7F721D5 (also tried with removing "0x")

I m using below Gatewayscript to validate the JWT

var jwt = require('jwt');

var ImageId = '';

try {

var password = 'name:Test_SharedSecretKey';

var Token = session.parameters.Token;

var jwtToken = Token.toString();

var decoder = new jwt.Decoder(jwtToken);

decoder.addOperation('verify', password) // verify with key in Test_SharedSecretKey object

.addOperation('validate', {

'aud': 'Test'

}) // validate JWT

.decode(function(error, claims) {

if (error) {

session.output.write('error validating JWT :' + error);

console.error('error validating JWT :' + error);

} else {

ImageId = claims.stmtid;

// write the Payload to output

if (ImageId !== undefined && ImageId.length > 0) {

session.output.write(ImageId.toString());

} else {

session.output.write('error validating JWT');

}

}

});

} catch (error) {

session.output.write('error validating JWT : ' + error);

}

The above gateway script been working if i give Key:3524047261128357EA5CD189C2FB01F9706DA93937A02D299ABF4F28B7F721D5 as param to verify but it's failing when refer shared secret key object as name:Test_SharedSecretKey.

Can you please let me know if i m missing anything here ..?

Hi,

did you try to refer the key without 'name:'? Just use 'Test_SharedSecretKey'.

--HP

Thank you, it worked. Is that mentioned any where in IBM Knowledge center...?

Not directly, but its visible through the examples:

https://www.ibm.com/support/knowledgecenter/SS9H2Y_10.0/com.ibm.dp.doc/jwt_js.html

--HP