We have a similar requirement, and we do the authentication in the Service activity, Step #1. If the validateJWT function returns false, it means the token was not validated, and you can then return an "Invalid Token" error back to the consumer.
Thanks for your response. The problem we run into is the following:
We configured the following:
- Custom authentication service
- Custom authentication activity which calls the JWT processing activity (required input: Token profile + JWT string)
The activity requires a JWT string parameter which normally comes from the header. When we test our service with, for example, SoapUI, we don't see a header coming into the activity to perform the validation.
We added a custom Authorization header in SoapUI with "bearer !@#!#$!ASD.. etc"
One more thing you can probably try (if not done already) is to use the httpServletRequest object in your custom activity. You can use getHeader("Authorization") or something similar to get the bearer token as the value. This can fetch you the JWT token inside the bearer authentication scheme.
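As an added illustration (not Pega code and not from this thread), here is the logic a custom authentication activity performs once it has the raw Authorization header value from getHeader("Authorization"): split off the bearer scheme, then verify the JWT before trusting any claim. Assumptions: the token is HS256-signed with a shared secret standing in for the token processing profile/trust store, and the secret, claims and header values are constructed for the example.

```python
import base64, hashlib, hmac, json, time

def extract_bearer_token(authorization_header):
    """Return the token from 'Authorization: Bearer <token>', or None if absent/other scheme."""
    if not authorization_header:
        return None
    parts = authorization_header.strip().split(None, 1)
    if len(parts) != 2 or parts[0].lower() != "bearer":  # scheme name is case-insensitive
        return None
    return parts[1].strip()

def _b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def _b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def validate_jwt(token, secret, now=None):
    """Verify an HS256 JWT's signature and expiry. Returns (True, claims) or (False, reason)."""
    now = time.time() if now is None else now
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        payload = json.loads(_b64url_decode(payload_b64))
        signature = _b64url_decode(sig_b64)
    except ValueError:  # wrong segment count, bad base64url or bad JSON
        return False, "malformed token"
    if header.get("alg") != "HS256":  # reject alg=none and algorithm-confusion attempts
        return False, "unsupported alg"
    signing_input = f"{header_b64}.{payload_b64}".encode()
    expected = hmac.new(secret, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):  # check signature BEFORE reading claims
        return False, "bad signature"
    if not isinstance(payload.get("exp"), (int, float)) or payload["exp"] <= now:
        return False, "expired"
    return True, payload

def authenticate(authorization_header, secret, now=None):
    """What the activity would return to the consumer: the operator id or 'Invalid Token'."""
    token = extract_bearer_token(authorization_header)
    if token is None:
        return "Invalid Token"
    ok, result = validate_jwt(token, secret, now)
    return result["sub"] if ok and "sub" in result else "Invalid Token"

def mint_hs256(claims, secret):
    """Constructed helper to build a test token; a real issuer would do this, not the service."""
    header_b64 = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload_b64 = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    return f"{header_b64}.{payload_b64}.{_b64url_encode(sig)}"
```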
Do you have PEGA Sales Automation in your application stack? There is an OOTB activity, OutlookAddinAuth, which is used for the PEGA Outlook integration. That activity will give you an example of how to process a JWT token and create an operator record. You still need to create a token processing profile and trust store to validate the token.