Validating JWT token (Azure)

For a published REST interface I want to configure custom authorisation using OAuth & OpenID Connect. I have enabled authentication method custom and am now building a microflow to validate the provided token. The provided token is added as a header/parameter. The token is provided by an Azure App Registration. To validate the token I am using the JWT module by WebFlight. I have made the following:

  • Substring Authorization to remove ‘Bearer ‘
  • Import jwk_uri keys (via OIDC metadata document {tenant}/v2.0/.well-known/openid-configuration and the jwk_uri address that follows)
  • DecodeJWT action to create JWT object
  • Action to find the right key in the list of keys from the jwk_uri using the Kid
  • GenerateRSAPublicKey action to create public key
  • Create JWT object with issuer set to issuer of OIDC metadata document
  • DecodeVerifyJWT action to verify the token (using token, JWT object and RSAPublicKey)
  • Retrieve/Create user object

I'm running into a problem at the GenerateRSAPublicKey action. Here I do not know what to fill in and am confused about the PrivateKey field. Do I need a private key and, if so, how do I generate it (based on what ‘d variable’)? What am I supposed to fill in for the other fields: Subject (should this be ClientID?) & Years Validity?

When I run it with values I find logical I get:

Advanced stacktrace: at com.mendix.modules.microflowengine.MicroflowUtil.processException(
Caused by: com.mendix.core.CoreRuntimeException: com.mendix.systemwideinterfaces.MendixRuntimeException: java.lang.NumberFormatException: Illegal embedded sign character at com.mendix.basis.actionmanagement.ActionManagerBase.executeSync(
Caused by: com.mendix.systemwideinterfaces.MendixRuntimeException: java.lang.NumberFormatException: Illegal embedded sign character at com.mendix.util.classloading.Runner.doRunUsingClassLoaderOf(
1 answer

You shouldn’t need to create any keys. Check out my OIDC module in the marketplace. It has a Java action called DecodeVerifyJWTPlainText that can do what you need. Pretty sure it was inspired by the WebFlight module you’re using. It takes the following inputs:

  • Encoded JWT
  • Issuer
  • Audience
  • Jwks uri
  • Leeway