1.1.5.3.4 Mapping Rules JSON File

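The JSON file defines mappings between internal JWT error codes and their corresponding user-defined response messages. Because the mapped text is sent back in the response, keep each message and any custom field limited to what a legitimate client needs to correct its request.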

Example JWT rule JSON file:
{
    "TPED_JWT_AUTH_RC_CERT_INV": {
        "error": {
            "errorCode": "AUTH_RC_CERT_INV",
            "errorMessage": "Invalid cert"
        }
    },
    "TPED_JWT_AUTH_RC_SIG_INV": {
        "error": {
            "errorCode": "301",
            "errorMessage": "Signature verification failed"
        }
    },
    "TPED_JWT_AUTH_RC_DIG_INV": {
        "error": {
            "errorCode": "303",
            "errorMessage": "Digest mismatch during JWT signature verification",
            "action": "Check if the token is signed by the correct private key"
        }
    },
    "TPED_JWT_AUTH_RC_PASS_INV": {
        "error": {
            "errorCode": "AUTH_RC_PASS_INV"
        }
    },
    "TPED_JWT_AUTH_RC_PUBKEY_INV": {
        "error": {
            "errorMessage": "Public key invalid"
        }
    },
    "TPED_JWT_AUTH_RC_ALG_NOT_SUPPORTED": {
        "error": {
            "action": "Check the Algorithm, and provide the supported Algorithm"
        }
    },
    "TPED_JWT_AUTH_RC_EOS": {
        "error": {
            "errorCode": "AUTH_RC_EOS",
            "errorMessage": "Internal system error"
        }
    },
    "TPED_JWT_AUTH_RC_DATA_INV": {
        "error": {
            "errorCode": "TPED_JWT_AUTH_RC_DATA_INV",
            "errorMessage": "JWT data format is invalid, or the token is corrupted. The token cannot be parsed or processed."
        }
    },
    "TPED_JWT_AUTH_RC_TIME_INV": {
        "error": {
            "errorCode": "TPED_JWT_AUTH_RC_TIME_INV",
            "errorMessage": "JWT token is expired. The token's 'exp' claims are outside the acceptable time range."
        }
    },
    "TPED_JWT_AUTH_RC_AUD_INV": {
        "error": {
            "errorCode": "TPED_JWT_AUTH_RC_AUD_INV",
            "errorMessage": "The audience (aud) claim does not match the expected value."
        }
    },
    "TPED_JWT_AUTH_RC_ISS_INV": {
        "error": {
            "errorCode": "TPED_JWT_AUTH_RC_ISS_INV",
            "errorMessage": "The issuer  (iss) claim does not match the expected value."
        }
    },
    "TPED_JWT_AUTH_RC_INVALID_TYP": {
        "error": {
            "errorCode": "TPED_JWT_AUTH_RC_INVALID_TYP",
            "errorMessage": "The typ (type) claim in the JWT header is incorrect."
        }
    },
    "TPED_JWT_AUTH_RC_SIG_ALG_BLACKLIST": {
        "error": {
            "errorCode": "TPED_JWT_AUTH_RC_SIG_ALG_BLACKLIST",
            "errorMessage": "The JWT is signed with a blacklisted or insecure algorithm."
        }
    },
    "TPED_JWT_AUTH_RC_PRIVILEGE_INV": {
        "error": {
            "errorCode": "TPED_JWT_AUTH_RC_PRIVILEGE_INV",
            "errorMessage": "The claims do not meet the required privileges."
        }
    },
    "TPED_JWT_AUTH_RC_SCOPE_MISMATCH": {
        "error": {
            "errorCode": "TPED_JWT_AUTH_RC_SCOPE_MISMATCH",
            "errorMessage": "The token's scope does not match the required scope for access."
        }
    },
    "TPED_JWT_AUTH_RC_NONCE_REPLAY": {
        "error": {
            "errorCode": "TPED_JWT_AUTH_RC_NONCE_REPLAY",
            "errorMessage": "Replay attack detected using jti (JWT ID) claim."
        }
    },
    "TPED_JWT_AUTH_RC_KEY_USE_INV": {
        "error": {
            "errorCode": "TPED_JWT_AUTH_RC_KEY_USE_INV",
            "errorMessage": "Incorrect key use during JWT validation."
        }
    },
    "TPED_AUTHORIZATION_HEADER_EMPTY": {
        "error": {
            "errorCode": "TPED_AUTHORIZATION_HEADER_EMPTY",
            "errorMessage": "Empty Authorization Header in Request."
        }
    },
    "TPED_JWT_AUTH_RC_CLOCK_SKEW": {
        "error": {
            "errorCode": "TPED_JWT_AUTH_RC_CLOCK_SKEW",
            "errorMessage": "JWT Token's 'nbf' claim is outside the acceptable time range due to the clock skew or is not yet valid."
        }
    },
    "TPED_JWT_AUTH_RC_CROSS_ORIGIN_BLOCK": {
        "error": {
            "errorCode": "TPED_JWT_AUTH_RC_CROSS_ORIGIN_BLOCK",
            "errorMessage": "The JWT is being used in a different origin from the one it was issued for."
        }
    },
    "TPED_JWT_DEFAULT_ERROR": {
        "error": {
            "errorCode": "TPED_JWT_DEFAULT_ERROR",
            "errorMessage": "JWT AuthN/AuthZ failed."
        }
    }
}

Structure of the JSON File

  • Key: Internal JWT error code. For example, TPED_JWT_AUTH_RC_CERT_INV.
  • Value: An object containing an "error" object, which can hold any number of key/value pairs.
    • errorCode: A short code representing the error.
    • errorMessage: A descriptive message for the error.
    • Custom message: Any additional user-defined key/value pair.

      For example, "action": "Check if the token is signed by the correct private key".

Example JWT error code entry:
 "TPED_JWT_AUTH_RC_CERT_INV":{        
    "error": {           
      "errorCode": "AUTH_RC_CERT_INV",            
      "errorMessage": "Invalid cert"     
     }    
  },
Inside the error object, any key name and value can be used. For example:

"TPED_JWT_AUTH_RC_CERT_INV":  {        
    "error": {           
       "mykey1": "my value 1",  
       "mykey2": "my value 2",            
       "mykey3": "my value 3",           
       "mykey4": "my value 4"        
     }  
  },