Hi,
I wonder why the key validation fails when I try to configure it for an external JWT starting with:
{
  "kid": "rsa1",
  "alg": "RS256"
}
I have created the key via REST (POST /tyk/keys/{kid}) so that it matches the Tyk conventions.
As the “secret” I entered the public key which I received from the JWT provider.
If I enter the data in http://jwt.io it says: “Signature Verified”
But Tyk says {"error": "Key not authorised"}, and in the log I find:
“Token validtion errored: asn1: structure error: tags don’t match (2 vs {class:0 tag:6 length:9 isCompound:false}) {optional:false explicit:false application:false defaultValue: tag: stringType:0 timeType:0 set:false omitEmpty:false} @2”
If I do the same using a key pair which I have generated by ‘openssl genrsa’ then everything works fine.
Here the kid references the corresponding Tyk key which I created via the Dashboard (secret created via ‘openssl rsa’).
{
  "kid": "56cec299333ef329e200000728318ec495164c9c6b305b2c518ca514",
  "alg": "RS256"
}
Apparently Tyk verifies in a different way than “http://jwt.io”.
Maybe someone knows a test tool which works exactly like Tyk when it verifies the signature?
Thanks for any hints,
Erik
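
Added example, not part of the original post and not Tyk's own code: the logged message has the format of a Go encoding/asn1 error in which the parser expected an INTEGER (tag 2) and found a 9-byte OBJECT IDENTIFIER (tag 6), so this Go program reports which DER structure Go's crypto/x509 accepts for a PEM-encoded key before it is registered as a secret. The function names and the generated sample key are constructed for illustration; that the gateway parses keys with these same standard-library calls is an assumption.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/pem"
	"fmt"
)

// classifyKeyPEM returns the PEM label of the first block and the DER structure
// that crypto/x509 accepts it as; a label that disagrees with the DER is worth checking.
func classifyKeyPEM(in []byte) (label, der string) {
	block, _ := pem.Decode(in)
	if block == nil {
		return "", "not PEM"
	}
	if _, err := x509.ParsePKIXPublicKey(block.Bytes); err == nil {
		return block.Type, "SubjectPublicKeyInfo"
	}
	if _, err := x509.ParsePKCS1PublicKey(block.Bytes); err == nil {
		return block.Type, "PKCS#1 RSAPublicKey"
	}
	if _, err := x509.ParseCertificate(block.Bytes); err == nil {
		return block.Type, "X.509 certificate"
	}
	return block.Type, "unrecognised"
}

// constructedKeys returns one freshly generated RSA public key in both encodings (sample data).
func constructedKeys() (spki, pkcs1 []byte) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	der, err := x509.MarshalPKIXPublicKey(&priv.PublicKey)
	if err != nil {
		panic(err)
	}
	spki = pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: der})
	pkcs1 = pem.EncodeToMemory(&pem.Block{Type: "RSA PUBLIC KEY", Bytes: x509.MarshalPKCS1PublicKey(&priv.PublicKey)})
	return spki, pkcs1
}

func main() {
	spki, pkcs1 := constructedKeys()
	for _, p := range [][]byte{spki, pkcs1} {
		fmt.Println(classifyKeyPEM(p))
	}
}
```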