I am trying to create a configuration file to perform JWT checks against either a cookie or the GET parameter ‘acct’. I have double-checked the validity of the token using Online JWT tool and confirmed that the ‘secret.jwt’ file contains the public key. Below is the code; the first part works correctly, but the actual signature check always fails. Please recommend a solution.
acl jwt_cookie_exists hdr_sub(cookie) acct=
acl jwt_param_exists urlp(acct) -m found
http-request redirect code 302 location https://XXXXXXX/ologin?cli=dc3b1e04-cdba-47fa-9aae-04c4edec71fb.FirOAuthApi if !jwt_cookie_exists>
acl has_valid_jwt_cookie hdr_sub(cookie) acct=, jwt_verify(RS256,"/etc/haproxy/jwt.secret") -m int 1
acl has_valid_jwt_param urlp(acct), jwt_verify(RS256,"/etc/haproxy/jwt.secret") -m int 1
# Redirect to authentication server if JWT token is not valid
http-request redirect code 302 location https://XXXXXXX/ologin?cli=dc3b1e04-cdba-47fa-9aae-04c4edec71fb.FirOAuthApi unless has_valid_jwt_cookie or has_valid_jwt_param
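
One way to express the check described above, as an added example that is not part of the original post and not an official HAProxy sample: `hdr_sub(cookie) acct=` is a substring match on the Cookie header and never hands the token to a converter, so the sketch fetches the token with `req.cook(acct)` and chains converters with a comma and no spaces. It assumes HAProxy 2.5 or later built with OpenSSL and that `/etc/haproxy/jwt.secret` holds the PEM-encoded RSA public key; the names `fe_app`, `be_app`, the bind port, the backend address and the `txn.*` variables are hypothetical.

```haproxy
defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend fe_app                      # hypothetical name
    bind :8080                       # hypothetical port

    # Take the raw token from the 'acct' cookie, else from the 'acct' URL parameter.
    http-request set-var(txn.jwt) req.cook(acct)
    http-request set-var(txn.jwt) urlp(acct) unless { var(txn.jwt) -m found }

    # Read the algorithm from the token header and pin it to RS256, so a token
    # cannot choose a different algorithm for its own verification.
    http-request set-var(txn.jwt_alg) var(txn.jwt),jwt_header_query('$.alg')
    acl jwt_alg_ok var(txn.jwt_alg) -m str RS256

    # jwt_verify yields 1 only when the signature validates against the key file.
    acl jwt_sig_ok var(txn.jwt),jwt_verify(txn.jwt_alg,"/etc/haproxy/jwt.secret") -m int 1

    # jwt_verify checks the signature only, so compare the 'exp' claim with the
    # current time. A token without 'exp' leaves the variable unset and is rejected.
    http-request set-var(txn.jwt_exp) var(txn.jwt),jwt_payload_query('$.exp','int')
    http-request set-var(txn.now) date()
    acl jwt_not_expired var(txn.jwt_exp),sub(txn.now) -m int gt 0

    # Redirect to the authentication server unless every check passes.
    http-request redirect code 302 location https://XXXXXXX/ologin?cli=dc3b1e04-cdba-47fa-9aae-04c4edec71fb.FirOAuthApi unless jwt_alg_ok jwt_sig_ok jwt_not_expired

    default_backend be_app

backend be_app                       # hypothetical backend
    server app1 127.0.0.1:8000       # hypothetical address
```

Running `haproxy -c -f <file>` validates the syntax before a reload.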