
JWT encode/decode assertions not implementing RFC 7797 for unencoded payload opt


Article ID: 142471


Updated On:


CA API Gateway API SECURITY CA API Gateway Precision API Monitoring Module for API Gateway (Layer 7) CA API Gateway Enterprise Service Manager (Layer 7) STARTER PACK-7 CA Microgateway


Users found that the Encode/Decode JWT assertions do not implement the unencoded payload option of RFC 7797, which the Open Banking specification requires.
The customer needs support for RFC 7797, which updates the JWS signature definitions.
Is RFC 7797 supported in any minor version of API Gateway 9.4?
If not, will it be supported in a future version?




Release : 9.4



This feature is not supported in a minor version. It is targeted for the next release of the Gateway, which is due out sometime in the early part of this year.

The actual fix removes all spaces and newline characters before the payload and headers are fed to the signing/validation algorithm.
We also concluded that the Gateway supports RFC 7797, which was the customer's original doubt.
The critical headers fix will be available as part of a Gateway release after 9.4. After that fix, the Gateway will support critical headers as well.
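The following is an added example, not CA API Gateway code, showing what the RFC 7797 unencoded payload option changes in a detached JWS and why whitespace in the payload matters: with "b64": false the raw payload octets are signed, so a compact and a pretty-printed copy of the same JSON do not verify against the same signature. The HS256 key, the function names and the sample payloads are constructed for illustration.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"  # constructed sample key, not a real secret

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def signing_input(protected: str, payload: bytes, b64: bool) -> bytes:
    # RFC 7515 signs BASE64URL(header) || "." || BASE64URL(payload).
    # With "b64": false (RFC 7797) the payload octets are appended unchanged.
    body = b64url(payload).encode("ascii") if b64 else payload
    return protected.encode("ascii") + b"." + body

def sign_detached(payload: bytes, unencoded: bool = True) -> str:
    header = {"alg": "HS256"}
    if unencoded:
        header.update({"b64": False, "crit": ["b64"]})
    protected = b64url(json.dumps(header, separators=(",", ":")).encode())
    data = signing_input(protected, payload, not unencoded)
    tag = hmac.new(KEY, data, hashlib.sha256).digest()
    return f"{protected}..{b64url(tag)}"  # detached form: empty payload part

def verify_detached(jws: str, payload: bytes) -> bool:
    parts = jws.split(".")
    if len(parts) != 3 or parts[1] != "":
        return False
    try:
        header = json.loads(b64url_decode(parts[0]))
        tag = b64url_decode(parts[2])
    except ValueError:
        return False
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return False
    crit, b64 = header.get("crit", []), header.get("b64", True)
    if not isinstance(crit, list) or not isinstance(b64, bool):
        return False
    if any(name != "b64" for name in crit):
        return False  # a critical parameter this verifier does not understand
    if not b64 and "b64" not in crit:
        return False  # RFC 7797 section 6: "b64" must be listed in "crit"
    expected = hmac.new(KEY, signing_input(parts[0], payload, b64), hashlib.sha256)
    return hmac.compare_digest(tag, expected.digest())
```

Signer and verifier must agree on the exact payload bytes; any reformatting of the body between them invalidates an unencoded-payload signature.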