Expand my Community achievements bar.

SOLVED

JWT Bearer Token returns Invalid Assertion

Avatar

Level 4
Level 4
6/7/22 10:01:15 PM

I am trying to connect  to aem using a JWT Bearer Token.
I have followed all the tutorials and cannot seem to find what is wrong.

The error message is: error: invalid_grant, error_description: invalid assertion

 

what could be the reason?

Views

1.2K

Replies

3
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Employee Advisor
Employee Advisor
6/8/22 6:54:37 AM

Hi @sriram_1 ,


Check this link : https://medium.com/tech-learnings/how-to-manage-the-protected-aem-resources-through-oauth-2-0-851ce4...


I would also suggest you to use : https://jwt.io/ for validation.

The structure of the JWT assertion looks like this

Base64URL({header}).Base64URL({claims}).Base64URL(RSA(SHA256(Base64URL({header}).Base64URL({claims}))))

or grouped a bit differently for readability

encodedHeader = Base64URL({header})
encodedClaims = Base64URL({claims})
token = encodedHeader.encodedClaims

assertion = token.Base64URL(RSA(SHA256(token)))

The private key is used in generating the signature (i.e. the second part of the "assertion"). If your assertion doesn't start with eyJhbGciOiJSUzI1NiJ9 (the Base64 encoded version of {"alg":"RS256"}) then it is wrong.


Thanks,

Milind

View solution in original post

Views

1.2K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
3 Replies

Avatar

Correct answer by
Employee Advisor
Employee Advisor
6/8/22 6:54:37 AM

Hi @sriram_1 ,


Check this link : https://medium.com/tech-learnings/how-to-manage-the-protected-aem-resources-through-oauth-2-0-851ce4...


I would also suggest you to use : https://jwt.io/ for validation.

The structure of the JWT assertion looks like this

Base64URL({header}).Base64URL({claims}).Base64URL(RSA(SHA256(Base64URL({header}).Base64URL({claims}))))

or grouped a bit differently for readability

encodedHeader = Base64URL({header})
encodedClaims = Base64URL({claims})
token = encodedHeader.encodedClaims

assertion = token.Base64URL(RSA(SHA256(token)))

The private key is used in generating the signature (i.e. the second part of the "assertion"). If your assertion doesn't start with eyJhbGciOiJSUzI1NiJ9 (the Base64 encoded version of {"alg":"RS256"}) then it is wrong.


Thanks,

Milind

Views

1.2K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply

Avatar

Community Advisor
Community Advisor
6/8/22 7:27:32 AM

Hi @sriram_1 

 

The error itself says there is some issue with the grant type. What grant type are you using? It should be something similar to this: 

"grant_type":"abc"

Hope this helps.

 

Thanks,

Kiran Vedantam.

Views

1.2K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 4
Level 4
3/18/24 6:05:11 AM

Hi @sriram_1 @Kiran_Vedantam @milind_bachani @kautuk_sahni 

 

This issue occurs when you have not created JWT token properly. Keep the aud value as your domain as https://test.com/oauth/token and keep iss as client ID. 

 

Here aud means audience for whom this JWT belongs to and it's present inside JWT payload section.

Views

604

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Related Conversations
how to set up cache invalidation on webserver for multiple domain Solved

Views

172

Likes

0

Replies

5
AEM 6.5.21 link invalid Solved

Views

108

Likes

0

Replies

2
JWT Deprecation - is it just in Developer Console, or will it be deprecated everywhere Solved

Views

124

Likes

0

Replies

1
AEM Workflow to return multiple groups and users in a Participant Step Chooser Solved

Views

391

Likes

0

Replies

7
AEM Author 6.5 cold standby is unable to sync due to invalid certificate Solved

Views

188

Likes

0

Replies

4