Can I use a JWK having modulus (n) and exponent (e) to validate a JWT in Azure API Management

Abhishek Yadav 0 Reputation points Microsoft Employee
2023-07-11T09:37:30.51+00:00

From validate-jwt policy reference https://learn.microsoft.com/en-us/azure/api-management/validate-jwt-policy

<issuer-signing-keys>
    <key>Base64 encoded signing key | certificate-id="mycertificate" | n="modulus" e="exponent"</key>
</issuer-signing-keys>

It says I can use the modulus (n) and exponent (e) to validate a JWT. I tried it in an inbound policy, but it says that it is not a valid base64 string. How do I use a JWK having n and e parameters to validate a JWT?

The policy works only when I put the modulus (n) and exponent (e) in as constants, or save the constants in named values and then use them like below:

<validate-jwt header-name="Authorization" failed-validation-httpcode="401" failed-validation-error-message="Unauthorized">
    <issuer-signing-keys>
        <key> n = {{n}} e = {{e}}</key>
    </issuer-signing-keys>
</validate-jwt>

But I need to extract n and e from another header and then validate the JWT. Is it possible using jwt-validate? Like below:

<issuer-signing-keys>
    <key n="@(context.Variables["mod"])" e="@(context.Variables["exponent"])" />
</issuer-signing-keys>

1 answer

  1. MuthuKumaranMurugaachari-MSFT 22,411 Reputation points
    2023-07-11T17:52:45.69+00:00

    Abhishek Yadav, thanks for posting your question in Microsoft Q&A. Unfortunately, the policy expression is not supported for key attributes such as n and e. Currently, named values and string values are supported. Alternatively, consider using openid-config as a workaround due to this limitation.

    I have opened feedback item #112033 to update the docs and will also submit a feature request internally to our product team for supporting the policy expression. You can also submit feedback via https://aka.ms/apimwish (similar item), and others with similar interests can upvote it too.

    Sorry for the inconvenience caused. I hope this helps.


    If you found the answer to your question helpful, please take a moment to mark it as "Yes" for others to benefit from your experience. Or simply add a comment tagging me and I would be happy to answer your questions.
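
The openid-config workaround mentioned in the answer, as an added example that is not part of the original thread or of Microsoft's documentation: a Python sketch that turns an RSA modulus and exponent into the JWKS and OpenID discovery documents that a `validate-jwt` policy can be pointed at. The issuer URL, the document paths, the thumbprint-based `kid` and the sample modulus are assumptions constructed for illustration, as is the premise that the gateway only needs `issuer` and `jwks_uri` from the discovery document.

```python
import base64
import hashlib
import json


def b64url_uint(value: int) -> str:
    """JWK Base64urlUInt (RFC 7518): big-endian bytes, base64url, no '=' padding."""
    if value <= 0:
        raise ValueError("RSA parameters must be positive integers")
    raw = value.to_bytes((value.bit_length() + 7) // 8, "big")
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_to_int(text: str) -> int:
    """Inverse of b64url_uint; restores the padding the decoder expects."""
    padded = text + "=" * (-len(text) % 4)
    return int.from_bytes(base64.urlsafe_b64decode(padded), "big")


def rsa_jwk(n: int, e: int) -> dict:
    """Public RSA signing key as a JWK; kid is the RFC 7638 SHA-256 thumbprint."""
    required = {"e": b64url_uint(e), "kty": "RSA", "n": b64url_uint(n)}
    canonical = json.dumps(required, sort_keys=True, separators=(",", ":"))
    digest = hashlib.sha256(canonical.encode("ascii")).digest()
    kid = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    return {**required, "use": "sig", "alg": "RS256", "kid": kid}


def discovery_documents(issuer: str, keys: list) -> dict:
    """The two JSON documents to host, keyed by URL path (assumed layout)."""
    base = issuer.rstrip("/")
    jwks_path = "/.well-known/jwks.json"
    return {
        "/.well-known/openid-configuration": {"issuer": issuer, "jwks_uri": base + jwks_path},
        jwks_path: {"keys": keys},
    }


# Constructed sample: a product of two well-known public primes, not a usable key.
SAMPLE_N = (2**255 - 19) * (2**256 - 2**32 - 977)
SAMPLE_E = 65537
ISSUER = "https://idp.example.com"  # hypothetical issuer URL

if __name__ == "__main__":
    docs = discovery_documents(ISSUER, [rsa_jwk(SAMPLE_N, SAMPLE_E)])
    for path, body in docs.items():
        print(path, json.dumps(body, indent=2), sep="\n")
```

With both documents hosted at the printed paths, the policy references the first one with `<openid-config url="https://idp.example.com/.well-known/openid-configuration" />` inside `validate-jwt`, so the keys come from an endpoint the API owner controls.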

