Unable to verify JWT token when header value does not start with "Bearer " #8773

@Laurens-makel

Current Behavior

Our API gateway passes a JWT for the caller in the X-JWT-Assertion header without prefixing this with "Bearer ".
The IBIS refuses to validate the JWT simply because it doesn't start with "Bearer ".

Expected Behavior

Assume that the value is the actual token when it doesn't start with "Bearer ".

Environment Information

7.9.5

Steps To Reproduce

No response

Configuration

<Receiver name="GetCaseDocument1 - EGW" active="${jwt.egw.active}">
    <ApiListener name="GetCaseDocument1 - EGW"
        uriPattern="egw/ads/documents/{caseDocumentId}"
        contentDispositionHeaderSessionKey="Content-Disposition"
        produces="DETECT"
        authenticationMethod="JWT"
        jwtHeader="X-JWT-Assertion"
        jwksURL="${jwks.egw.url}"
        exactMatchClaims="aud=${jwt.egw.audience}, iss=${jwt.egw.issuer}"
    />
</Receiver>

Input

No response

What database are you using?

No response

What browsers are you seeing the problem on?

No response

Relevant Log Output

Anything else?

No response
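
An added example, not part of the original issue and not the project's own code: a Python sketch of the tolerant extraction requested above, accepting the header value with or without "Bearer " while still rejecting anything that is not shaped like a signed compact JWT. The names `extract_jwt` and `make_sample_token` are hypothetical, the sample token is constructed, and signature and claim checks (JWKS, aud, iss) are assumed to run afterwards on the returned token.

```python
import base64
import json
import re

# Compact JWS: three non-empty base64url segments separated by dots.
COMPACT_JWS = re.compile(r"^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$")
BEARER_PREFIX = re.compile(r"^Bearer +", re.IGNORECASE)


def b64url_json(segment):
    """Decode one base64url segment (padding restored) as JSON."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def extract_jwt(header_value):
    """Return the compact JWT from a header value, with or without "Bearer ".

    Raises ValueError when the remainder is not a signed compact JWS, so
    dropping the prefix requirement does not let arbitrary text through.
    """
    if header_value is None:
        raise ValueError("no token header present")
    token = BEARER_PREFIX.sub("", header_value.strip(), count=1).strip()
    if not COMPACT_JWS.match(token):
        raise ValueError("header value is not a compact JWS")
    try:
        jose_header = b64url_json(token.split(".")[0])
    except ValueError as exc:  # bad base64, bad UTF-8 or bad JSON
        raise ValueError("JOSE header is not valid JSON") from exc
    if not isinstance(jose_header, dict):
        raise ValueError("JOSE header is not a JSON object")
    if str(jose_header.get("alg", "none")).lower() == "none":
        raise ValueError("unsigned tokens are not accepted")
    return token


def make_sample_token(alg):
    """Constructed sample token with a dummy signature segment (not verifiable)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': alg, 'typ': 'JWT'})}.{enc({'iss': 'example-issuer'})}.c2lnbmF0dXJl"
```
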

Status

Done