JWT information should be passed in the header under the parameter X-JWT-Assertion
. The Content is been encoded. Use TCPMon to intercept the request and see if the API Manager is actually passing the JWT. This would be a good starting point to debug.
API Manager passing JWT to backend service
-
07-07-2023 - |
Question
A backend service needs to know the user for the service call. Reading through the API 1.6.0 documentation I have configured it to generate JWT and removed and republished my services as stated. Running tests, I am not seeing the JWT being passed to the backed service in the response headers in Fiddler. I am not using the ESB or Identity services from WSO2.
What am I missing?
Solution
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow