**Do you want to request a *feature* or report a *bug*?**
bug may be.
**What i…s the current behavior?**
As suggested from community https://community.tyk.io/t/multiple-auth-schemes-for-single-api-definition/694/4, I put the so called `custom JWK URL`(http://localhost/files/idp_jwks.json, and it was verified the json can be accessed ) to the secret field, , but tyk cannot pick up the url of json to parse the JWT.
**What is the expected behavior?**
The API request can pass the authentication.
**If the current behavior is a bug, please provide the steps to reproduce and if possible a minimal demo of the problem**
Below attached the api definition
```json
{
"id": "5964544ae595230001212bf1",
"name": "test",
"slug": "test",
"api_id": "9a83a146c3d341e376aebe945a92070e",
"org_id": "59635dd4e5952300019e3fb8",
"use_keyless": false,
"use_oauth2": false,
"use_openid": false,
"openid_options": {
"providers": [],
"segregate_by_client": false
},
"oauth_meta": {
"allowed_access_types": [],
"allowed_authorize_types": [],
"auth_login_redirect": ""
},
"auth": {
"use_param": false,
"param_name": "",
"use_cookie": false,
"cookie_name": "",
"auth_header_name": "Authorization"
},
"use_basic_auth": false,
"enable_jwt": true,
"use_standard_auth": false,
"enable_coprocess_auth": false,
"jwt_signing_method": "rsa",
"jwt_source": "aHR0cDovL2xvY2FsaG9zdC9maWxlcy9pZHBfandrcy5qc29u",
"jwt_identity_base_field": "sub",
"jwt_client_base_field": "",
"jwt_policy_field_name": "kid",
"notifications": {
"shared_secret": "",
"oauth_on_keychange_url": ""
},
"enable_signature_checking": false,
"hmac_allowed_clock_skew": -1,
"base_identity_provided_by": "",
"definition": {
"location": "header",
"key": "x-api-version"
},
"version_data": {
"not_versioned": true,
"versions": {
"Default": {
"name": "Default",
"expires": "",
"paths": {
"ignored": [],
"white_list": [],
"black_list": []
},
"use_extended_paths": true,
"extended_paths": {},
"global_headers": {},
"global_headers_remove": [],
"global_size_limit": 0,
"override_target": ""
}
}
},
"uptime_tests": {
"check_list": [],
"config": {
"expire_utime_after": 0,
"service_discovery": {
"use_discovery_service": false,
"query_endpoint": "",
"use_nested_query": false,
"parent_data_path": "",
"data_path": "",
"port_data_path": "",
"target_path": "",
"use_target_list": false,
"cache_timeout": 60,
"endpoint_returns_list": false
},
"recheck_wait": 0
}
},
"proxy": {
"preserve_host_header": false,
"listen_path": "/test/",
"target_url": "http://httpbin.org/",
"strip_listen_path": true,
"enable_load_balancing": false,
"target_list": [],
"check_host_against_uptime_tests": false,
"service_discovery": {
"use_discovery_service": false,
"query_endpoint": "",
"use_nested_query": false,
"parent_data_path": "",
"data_path": "hostname",
"port_data_path": "port",
"target_path": "/api-slug",
"use_target_list": false,
"cache_timeout": 60,
"endpoint_returns_list": false
}
},
"disable_rate_limit": false,
"disable_quota": false,
"custom_middleware": {
"pre": [],
"post": [],
"post_key_auth": [],
"auth_check": {
"name": "",
"path": "",
"require_session": false
},
"response": [],
"driver": "",
"id_extractor": {
"extract_from": "",
"extract_with": "",
"extractor_config": {}
}
},
"custom_middleware_bundle": "",
"cache_options": {
"cache_timeout": 60,
"enable_cache": true,
"cache_all_safe_requests": false,
"cache_response_codes": [],
"enable_upstream_cache_control": false
},
"session_lifetime": 0,
"active": true,
"auth_provider": {
"name": "",
"storage_engine": "",
"meta": {}
},
"session_provider": {
"name": "",
"storage_engine": "",
"meta": null
},
"event_handlers": {
"events": {}
},
"enable_batch_request_support": false,
"enable_ip_whitelisting": false,
"allowed_ips": [],
"dont_set_quota_on_create": false,
"expire_analytics_after": 0,
"response_processors": [],
"CORS": {
"enable": false,
"allowed_origins": [],
"allowed_methods": [],
"allowed_headers": [],
"exposed_headers": [],
"allow_credentials": false,
"max_age": 24,
"options_passthrough": false,
"debug": false
},
"domain": "",
"do_not_track": false,
"tags": [],
"enable_context_vars": false
}
```
The access token(The token can be passed via the normal JWT authentication method with public key):
```Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiIwIiwiYXpwIjoiaVBob25lLUFwcCIsImlhdCI6MTQ4MjA3MTYzNiwiZXhwIjoyMTUwMDAzOTk1LCJraWQiOiI1OTY0NTVjNGU1OTUyMzAwMDEyMTJiZjIifQ.c1N1hPooRGXnK53lUOYVywmnX6vklpL9MayvoFeX1uANcigThXJjrM0WhwDFUKlwy37gn3Aef-cFJhpnJ52QwA```
The jwks json file:
```json
{
"keys": [
{
"alg": "RS256",
"kty": "RSA",
"use": "sig",
"x5c": [
"MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ4AhQ6FGspvMAnBmclAzydVB35i/MJeDq+OB5di7YLy3VcH66MJ0NSnEy/s55hgcQQ+IozJK4UTyAyGwRGVxn8CAwEAAQ=="
],
"kid": "596455c4e595230001212bf2"
}
]
}
```
Attaches the RSA public / private key for your reference.
```
-----BEGIN PUBLIC KEY-----
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ4AhQ6FGspvMAnBmclAzydVB35i/MJe
Dq+OB5di7YLy3VcH66MJ0NSnEy/s55hgcQQ+IozJK4UTyAyGwRGVxn8CAwEAAQ==
-----END PUBLIC KEY-----
```
```
-----BEGIN RSA PRIVATE KEY-----
MIIBOgIBAAJBAJ4AhQ6FGspvMAnBmclAzydVB35i/MJeDq+OB5di7YLy3VcH66MJ
0NSnEy/s55hgcQQ+IozJK4UTyAyGwRGVxn8CAwEAAQJBAI6yn3kGo7SSiMs266KE
gtLeC3+M/QS6F/9bgeWqtiGdtRnRXyR50qesjPoD9q0Wmy9u0AkdX6Q6Zft+PMhR
LEkCIQDKbYgVSAze6wtXprtH/s4hiXKuydNVGb4N9en8D5klwwIhAMfRJHyJQQ1c
qhxdS0bwWYQac9g+RbKiiC/wnGENOUSVAiBpwlAWzk3rKWIDqVivhLCtVOJV75w6
Gfjx0kktJ/kbgQIgVpSDt8aNPmnxd7rg/Er2rqv7mC5bauzMD+G1EMR3FQUCIFrx
/GzNTSq7dvJzUh47kSO6HI2w+OYdXiYKZF29colc
-----END RSA PRIVATE KEY-----
```
**Which versions of Tyk affected by this issue? Did this work in previous versions of Tyk?**
Latest version from docker image.