Hi Rajkumar,
You can sign the JWT token using a signature algorithm. By configuring the
<SignatureAlgorithm/> tag you can achieve this. See the doc here [1].
[1] https://docs.wso2.com/display/AM170/Passing+Enduser+Attributes+to+the+Backend+Using+JWT
On Wed, Mar 18, 2015 at 10:00 PM, Rajkumar Rajaratnam rajkum...@wso2.com wrote:
Hi,
I have hosted my service in WSO2 AS and I am exposing them as APIs in WSO2
AM. I have configured AM to send JWT tokens to the back end service. My
back end service is able to receive and decode the JWT tokens.
My question is, how can a service validate that the JWT token was sent from
a valid party (API Manager), and not from some adversary that crafted the token?
Please advise.
Thanks.
--
Rajkumar Rajaratnam
Committer PMC Member, Apache Stratos
Software Engineer, WSO2
Mobile : +94777568639
Blog : rajkumarr.com
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
--
Lakshman Udayakantha
WSO2 Inc. www.wso2.com
lean.enterprise.middleware
Mobile: *0711241005*
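The back-end check discussed in this thread, as an added example that is not part of the original messages and is not WSO2 code: the service verifies the token's signature against the API Manager's public key before trusting any claim. It assumes the token is signed with SHA256withRSA and base64url-encoded; the key pair and claims in `main` are constructed stand-ins, and `isFromGateway` is a hypothetical helper name.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;

public class JwtSignatureCheck {
    // True only if the signature over "header.payload" verifies with the pinned gateway key.
    static boolean isFromGateway(String jwt, PublicKey gatewayKey) {
        try {
            String[] parts = jwt.split("\\.", -1);
            if (parts.length != 3) return false;
            String header = new String(Base64.getUrlDecoder().decode(parts[0]), StandardCharsets.UTF_8);
            // Defence in depth: reject tokens declaring another algorithm (e.g. "none").
            // Simplified string match; a real service would parse the JSON header.
            if (!header.matches("(?s).*\"alg\"\\s*:\\s*\"RS256\".*")) return false;
            // The algorithm and key are fixed here, never taken from the token itself.
            Signature verifier = Signature.getInstance("SHA256withRSA");
            verifier.initVerify(gatewayKey);
            verifier.update((parts[0] + "." + parts[1]).getBytes(StandardCharsets.US_ASCII));
            return verifier.verify(Base64.getUrlDecoder().decode(parts[2]));
        } catch (GeneralSecurityException | IllegalArgumentException e) {
            return false; // malformed base64 or malformed signature: treat as invalid
        }
    }

    static String b64(String s) {
        return Base64.getUrlEncoder().withoutPadding().encodeToString(s.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        // Constructed key pair standing in for the API Manager's signing key.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair gateway = gen.generateKeyPair();
        // Constructed sample header and claims.
        String head = b64("{\"typ\":\"JWT\",\"alg\":\"RS256\"}");
        String body = b64("{\"iss\":\"example-gateway\",\"sub\":\"alice\"}");
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(gateway.getPrivate());
        signer.update((head + "." + body).getBytes(StandardCharsets.US_ASCII));
        String sig = Base64.getUrlEncoder().withoutPadding().encodeToString(signer.sign());
        String genuine = head + "." + body + "." + sig;
        // Claims changed after signing, and a token with no signature at all.
        String altered = head + "." + b64("{\"iss\":\"example-gateway\",\"sub\":\"admin\"}") + "." + sig;
        String unsigned = b64("{\"alg\":\"none\"}") + "." + body + ".";
        System.out.println("genuine:  " + isFromGateway(genuine, gateway.getPublic()));
        System.out.println("altered:  " + isFromGateway(altered, gateway.getPublic()));
        System.out.println("unsigned: " + isFromGateway(unsigned, gateway.getPublic()));
    }
}
```

In a deployment the `PublicKey` would be loaded from the API Manager's certificate (for example from a truststore the service already has), not generated at runtime.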