SOLVED

JWT Bearer Token returns Invalid Assertion

Level 4

I am trying to connect to AEM using a JWT Bearer Token.
I have followed all the tutorials and cannot seem to find what is wrong.

The error message is: error: invalid_grant, error_description: invalid assertion

 

What could be the reason?

1 Accepted Solution

Correct answer by
Employee Advisor

Hi @sriram_1 ,


Check this link: https://medium.com/tech-learnings/how-to-manage-the-protected-aem-resources-through-oauth-2-0-851ce4...


I would also suggest using https://jwt.io/ for validation.

The structure of the JWT assertion looks like this

Base64URL({header}).Base64URL({claims}).Base64URL(RSA(SHA256(Base64URL({header}).Base64URL({claims}))))

or grouped a bit differently for readability

encodedHeader = Base64URL({header})
encodedClaims = Base64URL({claims})
token = encodedHeader.encodedClaims

assertion = token.Base64URL(RSA(SHA256(token)))

The private key is used in generating the signature (i.e. the second part of the "assertion"). If your assertion doesn't start with eyJhbGciOiJSUzI1NiJ9 (the Base64 encoded version of {"alg":"RS256"}) then it is wrong.


Thanks,

Milind


3 Replies

Community Advisor

Hi @sriram_1 

 

The error itself says there is some issue with the grant type. What grant type are you using? It should be something similar to this: 

"grant_type":"abc"

Hope this helps.

 

Thanks,

Kiran Vedantam.

Level 4

Hi @sriram_1 @Kiran_Vedantam @milind_bachani @kautuk_sahni 

 

This issue occurs when you have not created the JWT token properly. Keep the aud value as your domain, e.g. https://test.com/oauth/token, and keep iss as the client ID.

 

Here aud means the audience to whom this JWT belongs, and it is present inside the JWT payload section.