I am trying to connect to AEM using a JWT Bearer Token.
I have followed all the tutorials and cannot seem to find what is wrong.
The error message is: error: invalid_grant, error_description: invalid assertion
What could be the reason?
Hi @sriram_1 ,
Check this link : https://medium.com/tech-learnings/how-to-manage-the-protected-aem-resources-through-oauth-2-0-851ce4...
I would also suggest you use https://jwt.io/ for validation.
The structure of the JWT assertion looks like this
Base64URL({header}).Base64URL({claims}).Base64URL(RSA(SHA256(Base64URL({header}).Base64URL({claims}))))
or grouped a bit differently for readability
encodedHeader = Base64URL({header})
encodedClaims = Base64URL({claims})
token = encodedHeader.encodedClaims
assertion = token.Base64URL(RSA(SHA256(token)))
The private key is used in generating the signature (i.e. the second part of the "assertion"). If your assertion doesn't start with eyJhbGciOiJSUzI1NiJ9 (the Base64 encoded version of {"alg":"RS256"}) then it is wrong.
Thanks,
Milind
Hi @sriram_1
The error itself says there is some issue with the grant type. What grant type are you using? It should be something similar to this:
"grant_type":"abc"
Hope this helps.
Thanks,
Kiran Vedantam.
Hi @sriram_1 @Kiran_Vedantam @milind_bachani @kautuk_sahni
This issue occurs when you have not created the JWT token properly. Keep the aud value as your domain, e.g. https://test.com/oauth/token, and keep iss as the client ID.
Here aud means the audience to whom this JWT belongs, and it's present inside the JWT payload section.