Verify JWT authentication in TYK using Postman

Hi, I am trying to implement JWT with Tyk and checking whether it is working fine using Postman, but I am getting one of these two errors in the response:

  • “error”: “Key not authorized”
  • “error”: “Key not authorized: no matching policy found”

Can anyone please let me know the flow from the start and also suggest what I should send in the Postman header and payload, especially what I should send in “kid”.

Thanks!!

@Martin please suggest something.

You are supposed to put the policy id in the JWT.
Authorization: Bearer zzzzzzzzzzzzzzzz
Please check this link: https://tyk.io/docs/security/your-apis/json-web-tokens/

Thanks @Yaara,
Yes, I am passing the policy id while creating the JWT, but it is still not working. I have gone through the following docs many times:
https://tyk.io/blog/integrating-tyk-open-source-api-gateway-custom-identity-provider-using-json-web-tokens/
https://tyk.io/docs/security/your-apis/json-web-tokens/

My payload looks like this:

Please suggest what I should pass in the Postman header.
Currently it looks like:

And my API’s Authorisation part is:

@Shubham_Jain looking at your payload, you have “Policy ID” as your policy claim; that’s a pretty bad idea. It’s a JSON object, so while keys can indeed be any kind of string, it might just be easier to use pol or policy.

Now you have set the policy field name in your dashboard to be “policy”. Looking at your JWT payload, there is no field called “policy”, but you have one called “Policy ID”. Maybe if you rename the payload version to policy, Tyk will be able to find the policy ID that you want to apply to this JWT.

Hi @Martin, I followed your instruction but it is still not working. My payload now is:

Please let me know if you need something else from me. Thanks!!

Your signature methods do not match.
On the token creation you have used HS256, and on Tyk’s API setup it’s RSA.

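The two failure modes discussed above (Martin’s point that the claim name in the payload must match the policy field name configured on the API, and Yaara’s point that the token’s signing method must match the one configured on the API) can be reproduced end to end with a small script. This is an added example, not code from the thread or from Tyk: it mints an HS256 token with only the Python standard library and then runs a stand-in for the gateway-side checks, returning the same two error strings quoted in the thread. The shared secret, the policy id, the “kid” value and the subject are constructed placeholders, and the check function is an emulation of the behaviour described in the thread rather than Tyk’s own code.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed sample values (placeholders, not from the thread).
SHARED_SECRET = b"example-shared-secret-change-me"   # the HMAC (Shared) secret configured on the API
POLICY_ID = "policy-id-placeholder"                  # the id of the Tyk policy the token should map to
KEY_ID = "kid-placeholder"                           # value placed in the JOSE "kid" header


def b64url(data: bytes) -> str:
    """Base64url without padding, as JWS requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(s: str) -> bytes:
    """Inverse of b64url, restoring the padding the encoder stripped."""
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def mint_hs256_jwt(policy_claim: str, secret: bytes, kid: str, policy_id: str) -> str:
    """Build an HS256-signed JWT whose policy id lives in the claim named policy_claim.

    The claim name is a parameter so the "Policy ID" vs "policy" mismatch
    from the thread can be reproduced.
    """
    header = {"alg": "HS256", "typ": "JWT", "kid": kid}
    now = int(time.time())
    payload = {"sub": "user-placeholder", "iat": now, "exp": now + 3600, policy_claim: policy_id}
    signing_input = (
        b64url(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + b64url(json.dumps(payload, separators=(",", ":")).encode())
    )
    signature = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(signature)


def check_token(token: str, expected_alg: str, secret: bytes, policy_field_name: str):
    """Emulation of the gateway-side checks the thread revolves around (not Tyk's code).

    expected_alg is the signing method configured on the API ("HS256" for
    HMAC (Shared), "RS256" for RSA); policy_field_name is the policy field
    name configured on the API. Returns (ok, policy_id_or_error).
    """
    try:
        h_b64, p_b64, s_b64 = token.split(".")
        header = json.loads(b64url_decode(h_b64))
        payload = json.loads(b64url_decode(p_b64))
    except (ValueError, json.JSONDecodeError):
        return False, "Key not authorized"

    # 1. The token's alg must be the signing method configured on the API.
    #    An HS256 token against an API configured for RSA fails here.
    if header.get("alg") != expected_alg:
        return False, "Key not authorized"
    if expected_alg != "HS256":
        raise ValueError("this emulation only verifies HS256 tokens")

    # 2. The signature must verify under the shared secret (constant-time compare).
    expected_sig = hmac.new(secret, f"{h_b64}.{p_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, b64url_decode(s_b64)):
        return False, "Key not authorized"
    if payload.get("exp", 0) < time.time():
        return False, "Key not authorized"

    # 3. The claim named by the API's policy field must be present in the payload;
    #    a claim called "Policy ID" is not found when the API looks for "policy".
    if policy_field_name not in payload:
        return False, "Key not authorized: no matching policy found"
    return True, payload[policy_field_name]


if __name__ == "__main__":
    good = mint_hs256_jwt("policy", SHARED_SECRET, KEY_ID, POLICY_ID)
    print("Authorization: Bearer " + good)
    print(check_token(good, "HS256", SHARED_SECRET, "policy"))        # (True, POLICY_ID)
    renamed = mint_hs256_jwt("Policy ID", SHARED_SECRET, KEY_ID, POLICY_ID)
    print(check_token(renamed, "HS256", SHARED_SECRET, "policy"))     # no matching policy found
    print(check_token(good, "RS256", SHARED_SECRET, "policy"))        # signing method mismatch
```

The `Authorization: Bearer <token>` line printed first is what goes into the Postman header, as posted earlier in the thread; the three `check_token` calls show, in order, a token that maps to a policy, the claim-name mismatch, and the signing-method mismatch.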

Thanks @Yaara for pointing out my mistake. I changed the JWT signing method from RSA to HMAC (Shared) in my API and it’s working fine this time. I tried this in previous attempts too, but maybe I was missing something that time.

NP :relaxed:
If it matched in previous tests then it was the policy tag that was not matching (that’s the way you can configure Tyk to look up the policy in your token).
