How was it encrypted and to what key? Per the documentation (https://techdocs.broadcom.com/us/en/ca-enterprise-software/layer7-api-management/api-gateway/10-0/policy-assertions/assertion-palette/message-validation-transformation-assertions/decode-json-web-token-assertion.html):
For a nested JWT (both signed and encrypted), use one Decode JSON Web Token assertion to decrypt, then pass the resulting payload ${<prefix>.plaintext} to a second Decode JSON Web Token assertion.
So you must first decrypt the JWE then run it through the decode again to validate the JWS. I'm attaching a sample policy to illustrate this that creates a signed and encrypted JWT then decrypts and validates.
------------------------------
Jay MacDonald - Adoption Architect - Broadcom API Management (Layer 7)
------------------------------
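The two-pass decode described above, written out as an added example that is not part of the original post and not Layer7 Gateway code. It assumes a nested JWT built as a JWE (`alg: dir`, `enc: A256GCM`) whose plaintext is an HS256 JWS, uses the `cryptography` package for AES-GCM (the JWS side is standard library only), and the keys and claims are constructed sample values. The first pass decrypts the JWE and checks the `cty: JWT` header; the decrypted plaintext (what the gateway exposes as `${<prefix>.plaintext}`) is then fed to the second pass, which validates the signature. A signed-only token skips straight to the second pass, and a token whose outer layer fails authentication is rejected before any signature check.

```python
"""Nested JWT: decrypt the outer JWE, then validate the inner JWS (added example)."""
import base64
import hashlib
import hmac
import json
import os
from typing import Optional, Tuple

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM


def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64u_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


# --- JWS, HS256 (assumed signing algorithm) --------------------------------
def jws_sign(claims: dict, hmac_key: bytes) -> str:
    header = b64u(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64u(json.dumps(claims).encode())
    sig = hmac.new(hmac_key, f"{header}.{payload}".encode("ascii"), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64u(sig)}"


def jws_verify(token: str, hmac_key: bytes) -> dict:
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(b64u_decode(header_b64))
    # Pin the algorithm: never let the token choose (e.g. "none").
    if header.get("alg") != "HS256":
        raise ValueError(f"unexpected alg {header.get('alg')!r}")
    expected = hmac.new(hmac_key, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64u_decode(sig_b64)):
        raise ValueError("JWS signature check failed")
    return json.loads(b64u_decode(payload_b64))


# --- JWE, alg=dir / enc=A256GCM (assumed encryption choice) ----------------
def jwe_encrypt(plaintext: bytes, cek: bytes, cty: Optional[str] = None) -> str:
    header = {"alg": "dir", "enc": "A256GCM"}
    if cty:
        header["cty"] = cty  # "JWT" marks a nested token (RFC 7519 section 5.2)
    protected = b64u(json.dumps(header).encode())
    iv = os.urandom(12)
    # The AAD is the ASCII form of the base64url protected header (RFC 7516).
    ct_and_tag = AESGCM(cek).encrypt(iv, plaintext, protected.encode("ascii"))
    ciphertext, tag = ct_and_tag[:-16], ct_and_tag[-16:]
    # With alg=dir the encrypted-key segment is empty.
    return ".".join([protected, "", b64u(iv), b64u(ciphertext), b64u(tag)])


def jwe_decrypt(token: str, cek: bytes) -> Tuple[dict, bytes]:
    protected, enc_key, iv_b64, ct_b64, tag_b64 = token.split(".")
    header = json.loads(b64u_decode(protected))
    if header.get("alg") != "dir" or header.get("enc") != "A256GCM" or enc_key != "":
        raise ValueError("unsupported JWE header")
    try:
        plaintext = AESGCM(cek).decrypt(
            b64u_decode(iv_b64),
            b64u_decode(ct_b64) + b64u_decode(tag_b64),
            protected.encode("ascii"),
        )
    except InvalidTag:
        raise ValueError("JWE authentication failed (wrong key or tampered token)")
    return header, plaintext


# --- The two passes the thread describes -----------------------------------
def decode_token(token: str, cek: bytes, hmac_key: bytes) -> dict:
    segments = token.count(".") + 1
    if segments == 5:  # JWE compact serialization: pass one, decrypt
        header, plaintext = jwe_decrypt(token, cek)
        if header.get("cty", "").upper() != "JWT":
            raise ValueError("JWE payload is not a nested JWT")
        inner = plaintext.decode("ascii")  # the gateway's ${<prefix>.plaintext}
        return decode_token(inner, cek, hmac_key)  # pass two on the inner JWS
    if segments == 3:  # JWS compact serialization: validate the signature
        return jws_verify(token, hmac_key)
    raise ValueError(f"not a compact JWT ({segments} segments)")


def make_nested_token(claims: dict, cek: bytes, hmac_key: bytes) -> str:
    """Sign first, then encrypt the whole JWS (constructed sample flow)."""
    return jwe_encrypt(jws_sign(claims, hmac_key).encode("ascii"), cek, cty="JWT")


if __name__ == "__main__":
    CEK = bytes(range(32))          # constructed 256-bit content key
    HMAC_KEY = b"constructed-hmac-secret"
    nested = make_nested_token({"sub": "ronald"}, CEK, HMAC_KEY)
    print(decode_token(nested, CEK, HMAC_KEY))
```

Running `jws_verify` directly on the five-segment nested token fails, which is the behaviour reported in the question: the signed-token path cannot parse a JWE, so the encrypted layer has to be removed first.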
Original Message:
Sent: 04-05-2021 02:57 AM
From: Ronnald Baque
Subject: How to decode an encrypted json web token
Hello everyone,
I am trying to decode an encrypted JWT but have not been successful. I have tried the Decode JSON Web Token assertion; it performs the decoding when I pass it a signed JWT, but when the JWT is encrypted the assertion fails.
Any help to shed some light would be welcome, since I am stuck there.
Best regards,
Ronald.