JWT encode/decode assertions not implementing RFC 7797 for unencoded payload opt


Article ID: 142471


Products

CA API Gateway, API SECURITY, CA API Gateway Precision API Monitoring Module for API Gateway (Layer 7), CA API Gateway Enterprise Service Manager (Layer 7), STARTER PACK-7, CA Microgateway

Issue/Introduction

Users found that the Encode/Decode JWT assertions do not implement RFC 7797 for the unencoded payload option, which is required by the Open Banking specification.
The customer needs support for the new RFC 7797, which updates the JWS signature definitions.
Is RFC 7797 supported in any minor version of API Gateway 9.4?
If not, will it be supported in a future version?


Environment

Release : 9.4

Component : API GTW ENTERPRISE MANAGER

Resolution

This feature is not supported in a minor version. It is targeted for the next release of Gateway, which is due out sometime in the early part of this year.

The actual fix removes all spaces and newline characters before feeding the payload and headers to the signing/validation algorithm.
We also concluded that Gateway supports RFC 7797, which was the customer's original doubt.
The critical headers fix will be available as part of the Gateway post-9.4 release. After the fix, Gateway will support critical headers as well.
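For reference, the RFC 7797 unencoded payload option with a detached payload and a critical `b64` header can be sketched as follows. This is an added example, not CA API Gateway code; the HS256 algorithm, the key and the sample payloads are constructed assumptions. It shows that the raw payload octets are signed, so a payload that differs only in spaces or newlines no longer verifies.

```python
import base64, hashlib, hmac, json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def signing_input(protected: str, payload: bytes) -> bytes:
    # RFC 7797 with "b64": false: ASCII(protected header) || '.' || raw payload octets
    return protected.encode("ascii") + b"." + payload

def sign_unencoded(payload: bytes, key: bytes) -> str:
    """Return a detached compact JWS of the form header..signature."""
    header = {"alg": "HS256", "b64": False, "crit": ["b64"]}
    protected = b64url(json.dumps(header, separators=(",", ":")).encode())
    sig = hmac.new(key, signing_input(protected, payload), hashlib.sha256).digest()
    return f"{protected}..{b64url(sig)}"

def verify_unencoded(jws: str, payload: bytes, key: bytes) -> bool:
    try:
        protected, embedded, sig = jws.split(".")
        header = json.loads(b64url_decode(protected))
        given = b64url_decode(sig)
    except ValueError:
        return False
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return False
    # This verifier accepts only the detached, unencoded profile, and "b64" must be
    # listed in "crit" so implementations that do not understand it reject the JWS.
    if embedded or header.get("b64") is not False or header.get("crit") != ["b64"]:
        return False
    expected = hmac.new(key, signing_input(protected, payload), hashlib.sha256).digest()
    return hmac.compare_digest(expected, given)

# Constructed sample values, not taken from the article.
KEY = b"constructed-demo-key"
PAYLOAD = b'{"amount":"10.00","currency":"GBP"}'
PRETTY = b'{\n  "amount": "10.00",\n  "currency": "GBP"\n}'  # same JSON, extra whitespace

if __name__ == "__main__":
    jws = sign_unencoded(PAYLOAD, KEY)
    print(jws)
    print(verify_unencoded(jws, PAYLOAD, KEY), verify_unencoded(jws, PRETTY, KEY))
```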