Hi Dev,
I'm transferring some attributes as claims of a *JSON Web Token (JWT)* from
the end user (APIM210) to my backend (ESB500) by following the WSO2 doc [1].
I have used Base64Utils to decode the header attributes and received the
needed attribute at the Synapse level of the ESB (backend). The piece of
code is as follows.
But I am not satisfied that this is a secure way, as this encoding and
decoding can be modified by a third party during the communication.
Could you help by suggesting ideas for doing the validation
at the ESB level (decoding should be done at the ESB level)?
String jwt_assertion = (String) headers.get("x-jwt-assertion"); // the header element from jwt
String[] jwt_assertion_items = jwt_assertion.split("\\.");
byte[] byteArray = Base64Utils.decode(jwt_assertion_items[1]); // retrieve the JWT payload
[1]
https://docs.wso2.com/display/AM200/Passing+Enduser+Attributes+to+the+Backend+Using+JWT#PassingEnduserAttributestotheBackendUsingJWT-ChangingtheJWTencodingtoBase64URLencoding
Thanks in advance
Regards,
Thivya
--
*Thivya Mahenthirarasa*
*Software Engineer -Support Team | WSO2*
*Email: [email protected] <[email protected]>*
*Mobile: +94766461966 <http://wso2.com/signature>*
*Web: http://wso2.com <http://wso2.com>*
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
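
The snippet in the message above decodes the payload without checking the token's third segment, so an altered payload would be accepted. The following is an added example, not part of the original post and not WSO2 code. It verifies the signature before returning the claims. It assumes the gateway signs the JWT with RSA/SHA-256 and that the backend holds the gateway's public key. The names JwtAssertionVerifier, verifiedPayload and EXPECTED_ALG are hypothetical, and the header check is a simple string match.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;

// Added example; class, method and constant names are hypothetical.
public class JwtAssertionVerifier {
    // Assumption: the "alg" value your gateway emits; pin it here.
    static final String EXPECTED_ALG = "RS256";

    // Decodes Base64 or Base64URL segments, padded or not.
    static byte[] b64(String s) {
        return Base64.getUrlDecoder().decode(s.replace('+', '-').replace('/', '_'));
    }

    // Returns the payload JSON only if the signature verifies; throws otherwise.
    static String verifiedPayload(String jwt, PublicKey gatewayKey) throws GeneralSecurityException {
        String[] parts = jwt == null ? new String[0] : jwt.split("\\.");
        if (parts.length != 3) throw new SignatureException("unsigned or malformed JWT");
        String header = new String(b64(parts[0]), StandardCharsets.UTF_8).replaceAll("\\s", "");
        // The receiver fixes the algorithm; the token's header must not choose it.
        if (!header.contains("\"alg\":\"" + EXPECTED_ALG + "\"")) throw new SignatureException("unexpected alg");
        Signature sig = Signature.getInstance("SHA256withRSA");
        sig.initVerify(gatewayKey);
        // The signature covers the first two segments exactly as transmitted.
        sig.update((parts[0] + "." + parts[1]).getBytes(StandardCharsets.US_ASCII));
        if (!sig.verify(b64(parts[2]))) throw new SignatureException("JWT signature mismatch");
        return new String(b64(parts[1]), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        // Constructed test data: a throwaway key pair stands in for the gateway's key.
        KeyPair kp = KeyPairGenerator.getInstance("RSA").generateKeyPair();
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        String head = enc.encodeToString("{\"typ\":\"JWT\",\"alg\":\"RS256\"}".getBytes(StandardCharsets.UTF_8));
        String body = enc.encodeToString("{\"sub\":\"alice\"}".getBytes(StandardCharsets.UTF_8));
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(kp.getPrivate());
        s.update((head + "." + body).getBytes(StandardCharsets.US_ASCII));
        String jwt = head + "." + body + "." + enc.encodeToString(s.sign());
        System.out.println(verifiedPayload(jwt, kp.getPublic()));
        // Same signature, altered claims: must be rejected.
        String forgedBody = enc.encodeToString("{\"sub\":\"admin\"}".getBytes(StandardCharsets.UTF_8));
        try {
            verifiedPayload(head + "." + forgedBody + "." + jwt.split("\\.")[2], kp.getPublic());
        } catch (SignatureException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

In a deployment the PublicKey would be loaded from the gateway's certificate in a truststore on the backend rather than generated in code.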