We’ve been playing with Tyk extensively today to try to get JWT authorization to work with the updates you made. We made a few discoveries and wanted to share them with you.
We modified the Tyk-format API definition to include a base64 encoded RSA public key in the jwt_source field. After adding this definition via the “Import API” page, the field was not present when we viewed the API definition in Mongo. Thus, we had to update it directly in Mongo. Relatedly, we discovered that if you update an API through the dashboard which we had manually updated in Mongo, our manual updates (jwt_policy_field_name, etc.) were erased.
We attempted to specify a JWK URL in the jwt_source field as you had in the example test code, but were unable to do that successfully. As we were watching the logs, it was printing out gibberish. Although we did not dig into it much, we are suspicious of the
As you may already know, we’re trying to get Tyk to work with an Auth0 JWT. So far the jwt_source field has been helpful. We also had to hard-code an API policy ID, since Auth0 does not know about Tyk policies.
Anyways, just a few FYIs.