Layer7 API Management

Understanding JOSE and JWK in the API Gateway with JWE and JWS test cases

    Broadcom Employee
    Posted Feb 26, 2021 05:16 PM
    I've had several questions come up recently about handling JWE and JWS in the Gateway, so I wrote a couple of test services to help explore them. I'm attaching them here for anyone in the community who wants to explore this capability in the Gateway. Essentially it sets up two services, a Sender and a Recipient, where the user calls the Sender service to initiate the call, indicating a test to run. The Sender service generates a JWT token and encrypts/signs the token based on the test case and routes it to the Recipient service on localhost, where the token is decrypted/verified per the test parameters and a summary report is returned. Key material for the two identities was generated in openssl and converted to JWK using the included pem-to-jwk.sh script. Hopefully this is helpful to anyone planning to use these features of the Gateway.

    Unzip the attached file and review the README file for details.

    Cheers!

    JayMac

    ------------------------------
    Jay MacDonald - Adoption Architect - Broadcom API Management (Layer 7)
    ------------------------------

    Attachment(s)

    JWKGrok.zip   47 KB 1 version
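
The signing half of the Sender/Recipient flow described in the post, as an added example that is not taken from JWKGrok.zip or from the Gateway: a PEM public key is converted to a JWK, the sender signs a compact JWS, and the recipient verifies it against that JWK. It covers JWS only, not JWE; the function names, the RS256 choice and the thumbprint-based `kid` are assumptions of this example, and the keys and claims are constructed.

```javascript
// Added example: constructed keys and claims, Node.js built-in crypto only.
const crypto = require("node:crypto");
const b64u = (s) => Buffer.from(s).toString("base64url");

// Stand-in for the openssl step: a throwaway RSA identity in PEM form.
function generatePemIdentity() {
  return crypto.generateKeyPairSync("rsa", {
    modulusLength: 2048,
    publicKeyEncoding: { type: "spki", format: "pem" },
    privateKeyEncoding: { type: "pkcs8", format: "pem" },
  });
}

// PEM public key -> public JWK. The kid is the RFC 7638 SHA-256 thumbprint
// (an assumption of this example, not necessarily what pem-to-jwk.sh emits).
function pemToPublicJwk(publicPem) {
  const { kty, n, e } = crypto.createPublicKey(publicPem).export({ format: "jwk" });
  const canonical = JSON.stringify({ e, kty, n }); // required members, sorted
  const kid = crypto.createHash("sha256").update(canonical).digest("base64url");
  return { kty, n, e, kid, alg: "RS256", use: "sig" };
}

// Sender side: compact JWS signed with RS256 (RSASSA-PKCS1-v1_5 + SHA-256).
function signJws(claims, privatePem, kid) {
  const header = b64u(JSON.stringify({ alg: "RS256", typ: "JWT", kid }));
  const input = `${header}.${b64u(JSON.stringify(claims))}`;
  return `${input}.${crypto.sign("sha256", Buffer.from(input), privatePem).toString("base64url")}`;
}

// Recipient side: pin the algorithm, pick the key by kid, then verify.
function verifyJws(token, jwks) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWS");
  const header = JSON.parse(Buffer.from(parts[0], "base64url").toString());
  if (header.alg !== "RS256") throw new Error("unexpected alg");
  const jwk = jwks.find((k) => k.kid === header.kid);
  if (!jwk) throw new Error("unknown kid");
  const { kty, n, e } = jwk;
  const key = crypto.createPublicKey({ key: { kty, n, e }, format: "jwk" });
  const signed = Buffer.from(`${parts[0]}.${parts[1]}`);
  if (!crypto.verify("sha256", signed, key, Buffer.from(parts[2], "base64url"))) {
    throw new Error("bad signature");
  }
  return JSON.parse(Buffer.from(parts[1], "base64url").toString());
}
```

The recipient rejects any token whose header `alg` differs from the one it expects, so the algorithm is fixed by the verifier rather than by the token.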