Hi, I have hosted my service in WSO2 AS and I am exposing them as APIs in WSO2 AM. I have configured AM to send JWT tokens to the back end service. My back end service is able to receive and decode the JWT tokens.
My question is, how can a service validate that JWT token was sent from valid party (Api Manager), but not from some advisory that crafted token? Please advice. Thanks. -- Rajkumar Rajaratnam Committer & PMC Member, Apache Stratos Software Engineer, WSO2 Mobile : +94777568639 Blog : rajkumarr.com
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev