How to verify a JWT claim to have any one of multiple values?

My JWT payload is:

{
  "iss": "https://d10l.eu.auth0.com/",
  "sub": "auth0|5a70e4e394059f5e7527d6b1",
  "aud": [
    "https://api.d10l.de",
    "https://d10l.eu.auth0.com/userinfo"
  ],
  "iat": 1518429498,
  "exp": 1518436698,
  "azp": "94YJaDlR5QDpaS7Em6aC02_gj6kA1Q_G",
  "scope": "profile"
}

My scope could be profile or id. Is there a way to configure Verify JWT to take any one of profile or id while asserting the claims?

This will verify the scope to have both profile and id.

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<VerifyJWT async="false" continueOnError="true" enabled="true" name="verify-jwt-claims">
    <DisplayName>verify-jwt-claims</DisplayName>
    <Algorithm>RS256</Algorithm>
    <PublicKey>
        <JWKS ref="var"/>
    </PublicKey>
    <AdditionalClaims>
        <Claim name="scope" type="string">profile,id</Claim>
    </AdditionalClaims>
</VerifyJWT>

But is there a way to verify if the scope claim could be one of profile or id?

The other option I could find was to have a condition in the flow:

<Step>
    <Condition>
        NOT(
               jwt.verify-jwt-claims.decoded.claim.scope == "profile"
            OR jwt.verify-jwt-claims.decoded.claim.scope == "id"
        )
    </Condition>
    <Name>Raise-Fault-claims</Name>
</Step>
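
An any-of scope check in plain JavaScript, added here as an example and not part of the original post or of Apigee's own code: OAuth scope strings are space-delimited, so it splits the claim into tokens and accepts the token when at least one equals `profile` or `id`, which also covers tokens carrying several scopes where a whole-string `==` comparison would not match. The names `ACCEPTED_SCOPES`, `scopeTokens` and `hasAnyScope` and the sample payloads are constructed for this example.

```javascript
// Added example: any-of check on the "scope" claim of a decoded JWT payload.
// Run it only on a payload whose signature has already been verified.
// ACCEPTED_SCOPES, scopeTokens and hasAnyScope are names invented for this example.
const ACCEPTED_SCOPES = ["profile", "id"];

// Split the claim into exact scope tokens. Accepts the space-delimited string
// form (as in the payload above) or an array; any other type yields no tokens.
function scopeTokens(claim) {
  if (Array.isArray(claim)) {
    return claim.filter((s) => typeof s === "string" && s.length > 0);
  }
  if (typeof claim !== "string") {
    return [];
  }
  return claim.split(/\s+/).filter((s) => s.length > 0);
}

// True when at least one token equals an accepted value exactly.
// Exact token comparison means "profile_admin" does not pass as "profile".
function hasAnyScope(payload, accepted) {
  if (payload === null || typeof payload !== "object") {
    return false;
  }
  return scopeTokens(payload.scope).some((t) => accepted.includes(t));
}

// Constructed sample payloads (only the scope claim matters here).
const samples = [
  { scope: "profile" },
  { scope: "id" },
  { scope: "openid profile email" },
  { scope: "profile_admin" },
  { scope: "" },
  {},
];

for (const p of samples) {
  console.log(JSON.stringify(p), "->", hasAnyScope(p, ACCEPTED_SCOPES));
}
```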