SOLVED

JWT Bearer Token returns Invalid Assertion

I am trying to connect to AEM using a JWT Bearer Token.
I have followed all the tutorials and cannot seem to find what is wrong.

The error message is: error: invalid_grant, error_description: invalid assertion

What could be the reason?

1 Accepted Solution

Correct answer by
Community Advisor

Hi @sriram_1 ,


Check this link : https://medium.com/tech-learnings/how-to-manage-the-protected-aem-resources-through-oauth-2-0-851ce4...


I would also suggest you use https://jwt.io/ for validation.

The structure of the JWT assertion looks like this

Base64URL({header}).Base64URL({claims}).Base64URL(RSA(SHA256(Base64URL({header}).Base64URL({claims}))))

or grouped a bit differently for readability

encodedHeader = Base64URL({header})
encodedClaims = Base64URL({claims})
token = encodedHeader.encodedClaims

assertion = token.Base64URL(RSA(SHA256(token)))

The private key is used in generating the signature (i.e. the second part of the "assertion"). If your assertion doesn't start with eyJhbGciOiJSUzI1NiJ9 (the Base64 encoded version of {"alg":"RS256"}) then it is wrong.


Thanks,

Milind
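
Added example, not part of the answer above and not Adobe's code: an offline Python check of the assertion structure the answer describes. It goes slightly further than the prefix test by decoding the header and claims and checking the claims RFC 7523 requires (iss, sub, aud, exp); it does not verify the RSA signature, and the function names and sample values are constructed for illustration.

```python
import base64
import json
import re
import time

REQUIRED_CLAIMS = ("iss", "sub", "aud", "exp")  # RFC 7523, section 3

def _decode(seg):
    """Decode one segment; None if it is not valid unpadded Base64URL."""
    if not re.fullmatch(r"[A-Za-z0-9_-]+", seg):
        return None
    try:
        return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))
    except ValueError:
        return None

def check_assertion(assertion, now=None):
    """Return a list of structural problems (empty list: none found)."""
    now = time.time() if now is None else now
    parts = assertion.strip().split(".")
    if len(parts) != 3:
        return ["expected 3 dot-separated segments, found %d" % len(parts)]
    header, claims, signature = (_decode(p) for p in parts)
    problems = []
    try:
        if json.loads(header).get("alg") != "RS256":
            problems.append("header alg is not RS256")
    except (TypeError, ValueError, AttributeError):
        problems.append("header is not Base64URL-encoded JSON")
    try:
        body = json.loads(claims)
        missing = [c for c in REQUIRED_CLAIMS if c not in body]
        if missing:
            problems.append("missing claims: " + ", ".join(missing))
        elif body["exp"] <= now:
            problems.append("exp is in the past")
    except (TypeError, ValueError):
        problems.append("claims are not Base64URL-encoded JSON")
    if signature is None:
        problems.append("signature is not Base64URL")
    return problems

def build_sample(header, claims):
    """Constructed test input; zero bytes stand in for the RSA signature."""
    def enc(obj):
        raw = obj if isinstance(obj, bytes) else json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc(header), enc(claims), enc(b"\x00" * 256)])
```

An empty list only means the assertion is well-formed; a wrong private key, issuer or audience still has to be checked against the server's configuration.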


Community Advisor

Hi @sriram_1 

The error itself says there is some issue with the grant type. What grant type are you using? It should be something similar to this: 

"grant_type":"abc"

Hope this helps.

Thanks,

Kiran Vedantam.