Getting authentication failed error when calling APIM API which has Product scope from Postman
I have an APIM API, which is associated with a Product (Product scope). When I test the API within APIM (Test tab), everything works fine.
But when I copy the same headers along with the same Authorization JWT token to Postman and test the API, I'm getting a 401 error with the error reason "Signature validation failed". I see the kid value in the JWT is different in both cases (testing within APIM, Postman).
When I remove the Product for the APIM API, the request from Postman works fine with the same JWT token.
Can someone please help me understand why JWT validation is failing when the Product is mapped to APIM API?
The JWT validation policy is as below. We have our own JWT token generation mechanism; those details are part of Named Values.
```xml
<policies>
    <inbound>
        <validate-jwt header-name="Authorization" failed-validation-httpcode="401" failed-validation-error-message="Invalid_AccessToken" require-expiration-time="true" require-scheme="Bearer" require-signed-tokens="true" output-token-variable-name="outToken">
            <openid-config url="{{openid-config-url}}" />
            <issuers>
                <issuer>{{issuer id}}</issuer>
            </issuers>
        </validate-jwt>
    </inbound>
</policies>
```
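Added example, not part of the original question: a sketch for reading the unverified header of the token each client actually sends and checking its `kid` against the key ids in the JWKS document behind the policy's `openid-config` URL. The tokens, key ids and JWKS below are constructed samples; in practice the JWKS would come from the `jwks_uri` listed in that OpenID configuration.

```python
import base64
import json

def b64url_json(segment: str) -> dict:
    """Decode one base64url JWT segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def jwt_header(authorization_value: str) -> dict:
    """Return the unverified JOSE header; accepts a value with or without 'Bearer '."""
    token = authorization_value.strip()
    if token.lower().startswith("bearer "):
        token = token[7:].strip()
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected 3 dot-separated segments")
    return b64url_json(parts[0])

def check_kid(authorization_value: str, jwks: dict) -> dict:
    """Report whether the token's kid and alg match a key in the JWKS document."""
    header = jwt_header(authorization_value)
    kid = header.get("kid")
    known = {k.get("kid"): k for k in jwks.get("keys", [])}
    key = known.get(kid)
    return {
        "kid": kid,
        "alg": header.get("alg"),
        "kid_in_jwks": key is not None,
        # A JWK may omit "alg"; treat that as compatible with any header alg.
        "alg_matches_key": key is not None and key.get("alg") in (None, header.get("alg")),
        "jwks_kids": sorted(k for k in known if k),
    }

def _make_token(header: dict) -> str:
    """Build a constructed, unsigned sample token (signature segment is a dummy)."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc(header)}.{enc({'iss': 'https://issuer.example'})}.c2ln"

# Constructed sample data: one advertised key, two tokens with different kids.
SAMPLE_JWKS = {"keys": [{"kty": "RSA", "kid": "key-2024-a", "alg": "RS256"}]}
TOKEN_A = "Bearer " + _make_token({"alg": "RS256", "typ": "JWT", "kid": "key-2024-a"})
TOKEN_B = "Bearer " + _make_token({"alg": "RS256", "typ": "JWT", "kid": "key-other"})

if __name__ == "__main__":
    for name, tok in (("A", TOKEN_A), ("B", TOKEN_B)):
        print(name, check_kid(tok, SAMPLE_JWKS))
```

A token whose `kid` is absent from the JWKS cannot have its signature checked against any advertised key, so comparing the two captured `Authorization` values this way shows whether both requests carry a token from the expected issuer.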
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow