Forum Discussion
OAuth2 with JWT: Problem with HTTP response code
Hello,
I have a problem when I have to authorize a resource (userinfo) with OAuth.
The token is a JWT. I have to add "HTTP::header remove Authorization" in an iRule (when ACCESS_ACL_ALLOWED). If I don't do that, I always get a 401 response.
If I write this iRule, it works, but the user agent must not send the 4 cookies it received because the session can't be matched (I guess), or I have to kill the session on the server side.
And when the token is expired (with the iRule enabled), I do not get a 401 response (like I want!) but a code 200 with the BIG-IP logout page.
I would like to get 401 responses when the JWT token is expired and not have to manually remove cookies.
Thank you very much for your help.