JWT validation fails with token issued by external provider

Hi,

I wonder why the key validation fails when I try to configure it for an external JWT starting with:
{
"kid": "rsa1",
"alg": "RS256"
}
I have created the key via REST (POST /tyk/keys/{kid}) so that it matches the Tyk conventions.
As the “secret” I entered the public key which I received from the JWT provider.
If I enter the data in http://jwt.io it says: “Signature Verified”
But Tyk says {“error”: “Key not authorised”}, and in the log I find:
“Token validtion errored: asn1: structure error: tags don’t match (2 vs {class:0 tag:6 length:9 isCompound:false}) {optional:false explicit:false application:false defaultValue: tag: stringType:0 timeType:0 set:false omitEmpty:false} @2

If I do the same using a key pair which I have generated by ‘openssl genrsa’ then everything works fine.
Here the kid references the corresponding Tyk key which I created via the Dashboard (secret created via ‘openssl rsa’).
{
"kid": "56cec299333ef329e200000728318ec495164c9c6b305b2c518ca514",
"alg": "RS256"
}

Apparently Tyk verifies in a different way than “http://jwt.io”.
Maybe someone knows a test tool which works exactly like Tyk when it verifies the signature?

Thanks for any hints,
Erik

Hi Erik,

That error indicates that the RSA keys are formatted differently or the alg is different to what is specified in the token.

Tyk is compatible with jwt.io, we’ve used tokens from there before to validate that it works, but there seems to be a mismatch with what is in Tyk, in particular, it looks like a key error. Tyk expects PEM-encoded tokens.
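
One way to check for the key-format mismatch the reply points to, as an added example that is not part of the thread and not Tyk's own code: a Go standard-library sketch that reports whether a PEM public key is PKIX ("PUBLIC KEY") or PKCS#1 ("RSA PUBLIC KEY") and parses it with the matching parser. The function names and the generated key pair are constructed for illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/pem"
	"fmt"
)

// parseRSAPublicPEM parses a PEM public key and reports which encoding it used.
func parseRSAPublicPEM(data []byte) (*rsa.PublicKey, string, error) {
	block, _ := pem.Decode(data)
	if block == nil {
		return nil, "", fmt.Errorf("no PEM block found (bare base64 or DER?)")
	}
	switch block.Type {
	case "PUBLIC KEY": // PKIX/SPKI: SEQUENCE { SEQUENCE { OID, params }, BIT STRING }
		k, err := x509.ParsePKIXPublicKey(block.Bytes)
		pub, ok := k.(*rsa.PublicKey)
		if err == nil && !ok {
			err = fmt.Errorf("key is %T, not RSA", k)
		}
		return pub, "PKIX", err
	case "RSA PUBLIC KEY": // PKCS#1: SEQUENCE { INTEGER n, INTEGER e }
		pub, err := x509.ParsePKCS1PublicKey(block.Bytes)
		return pub, "PKCS1", err
	}
	return nil, block.Type, fmt.Errorf("unsupported PEM type %q", block.Type)
}

// samplePEMs builds one constructed RSA public key in both encodings.
func samplePEMs() (pkix, pkcs1 []byte, err error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	spki, err := x509.MarshalPKIXPublicKey(&priv.PublicKey)
	pkix = pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: spki})
	pkcs1 = pem.EncodeToMemory(&pem.Block{Type: "RSA PUBLIC KEY", Bytes: x509.MarshalPKCS1PublicKey(&priv.PublicKey)})
	return pkix, pkcs1, err
}

func main() {
	pkix, pkcs1, _ := samplePEMs()
	_, k1, e1 := parseRSAPublicPEM(pkix)
	_, k2, e2 := parseRSAPublicPEM(pkcs1)
	fmt.Println(k1, e1, k2, e2)
}
```

A key whose DER body does not match its PEM header (for example PKIX bytes under an "RSA PUBLIC KEY" header), or a key pasted without PEM armour, is rejected with an error instead of being parsed.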