Forum Discussion

Cirrostratus

Jun 22, 2021

oauth server generated jwt token problem

Hi all, We have a customer try to do oauth with a dovecot server, they have the following problems using the f5 as a oauth server: The "typ" jwt header is missing, this should be set to "JWT". ...

application delivery

BIG-IP Access Policy Manager (APM)

Cumulonimbus

Hello Peter,

I have exactly the same problem as you for another application.

The "typ" jwt header is missing, this should be set to "JWT".

have you had any feedback from the support? if not, could you give me the number of your incident? it will have weight if I open an incident about it.

thank you for your help.

regards,

Marvin

Cirrocumulus

Nov 05, 2021

You need to specify token_content_type with value jwt for JWT tokens to be provided by F5 oauth server via POST method to /f5-oauth2/v1/token, if you dont do that then you request Opaque token.

Also first is always a GET request to /f5-oauth2/v1/authorize where I also append &token_content_type=jwt

mebbels
Nimbostratus
Jun 21, 2022
Hi Marvin,
Can you confirm if the &token_content_type=jwt paramenter is added to the request the follwoing is added "type":"JWT" in the header of the JWT i.e.
{
"alg": "HS256",
"typ": "JWT"
}
Currently the F5 is configured to issues JWT automatically, but it missing the "type":"JWT" in the header of the JWT. It doesn't required the special parameter to issue the JWT in the current setup.
Or found another way to add headers to JWT.
Running 15.1.x and the F5 is acting the the Oauth Authorization Server.
Thanks