Hi Rajkumar,

You can sign the JWT token using a signature algorithm. You can achieve this by configuring the <SignatureAlgorithm/> tag. See the doc here [1].

[1] https://docs.wso2.com/display/AM170/Passing+Enduser+Attributes+to+the+Backend+Using+JWT

On Wed, Mar 18, 2015 at 10:00 PM, Rajkumar Rajaratnam <[email protected]> wrote:

> Hi,
>
> I have hosted my service in WSO2 AS and I am exposing them as APIs in WSO2
> AM. I have configured AM to send JWT tokens to the back end service. My
> back end service is able to receive and decode the JWT tokens.
>
> My question is, how can a service validate that the JWT token was sent from
> a valid party (Api Manager), but not from some adversary that crafted the token?
>
> Please advise.
>
> Thanks.
>
> --
> Rajkumar Rajaratnam
> Committer & PMC Member, Apache Stratos
> Software Engineer, WSO2
>
> Mobile : +94777568639
> Blog : rajkumarr.com
>
> _______________________________________________
> Dev mailing list
> [email protected]
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>

--
Lakshman Udayakantha
WSO2 Inc. www.wso2.com
lean.enterprise.middleware
Mobile: *0711241005*
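
The backend-side check the question asks about, as an added example that is not part of the thread and not WSO2 code: verify the token's signature against the gateway's public key and reject anything unsigned or altered. It assumes a compact three-part JWT with base64url segments signed with SHA256withRSA; the class and method names are hypothetical, and the key pair and claims are constructed stand-ins for the gateway's certificate and a real token.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;

public class GatewayJwtCheck {
    // True only if the token carries a signature that verifies under the gateway's key.
    // The algorithm is pinned here; the token's own "alg" header is never trusted.
    static boolean isFromGateway(String jwt, PublicKey gatewayKey) throws GeneralSecurityException {
        String[] p = jwt.split("\\.", -1);
        if (p.length != 3 || p[2].isEmpty()) return false;   // malformed or unsigned
        Signature v = Signature.getInstance("SHA256withRSA");
        v.initVerify(gatewayKey);
        // The signature covers the encoded header and payload exactly as received.
        v.update((p[0] + "." + p[1]).getBytes(StandardCharsets.US_ASCII));
        try {
            return v.verify(Base64.getUrlDecoder().decode(p[2]));
        } catch (IllegalArgumentException | SignatureException e) {
            return false;                                    // bad base64 or bad signature block
        }
    }

    static String b64(byte[] raw) {
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }

    static String b64(String json) {
        return b64(json.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        // Constructed key pair standing in for the gateway's signing key. A real backend
        // holds only the gateway's public certificate, loaded from its own trust store.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair gateway = gen.generateKeyPair();

        // Constructed sample token (claims are illustrative only).
        String signed = b64("{\"typ\":\"JWT\",\"alg\":\"RS256\"}") + "."
                + b64("{\"iss\":\"gateway.example\",\"sub\":\"alice\"}");
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(gateway.getPrivate());
        s.update(signed.getBytes(StandardCharsets.US_ASCII));
        String sig = b64(s.sign());

        String forgedBody = b64("{\"iss\":\"gateway.example\",\"sub\":\"admin\"}");
        String tampered = signed.split("\\.")[0] + "." + forgedBody + "." + sig;
        String unsigned = b64("{\"typ\":\"JWT\",\"alg\":\"none\"}") + "." + forgedBody + ".";

        System.out.println("gateway token accepted: " + isFromGateway(signed + "." + sig, gateway.getPublic()));
        System.out.println("tampered claims accepted: " + isFromGateway(tampered, gateway.getPublic()));
        System.out.println("unsigned token accepted: " + isFromGateway(unsigned, gateway.getPublic()));
    }
}
```

If the gateway is configured not to sign, every token fails this check, which is the safe outcome for a backend that relies on the JWT for caller identity.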
