Ability to validate claims in JWT policy #6829

Open
@anderius

Currently, we must use snippets to validate claims in the validated JWT.

It would be very nice if we could validate custom claims, for example scope, directly from the JWT policy (https://docs.nginx.com/nginx-ingress-controller/configuration/policy-resource/#jwt-using-jwks-from-remote-location).

As an example of how this can be done, see https://learn.microsoft.com/en-us/azure/api-management/validate-jwt-policy.

From that link (of course I don't want XML, but you get the idea :-) ):

  <required-claims>
    <claim name="name of the claim as it appears in the token" match="all | any" separator="separator character in a multi-valued claim">
      <value>claim value as it is expected to appear in the token</value>
      <!-- if there is more than one allowed value, then add additional value elements -->
    </claim>
    <!-- if there are multiple possible allowed claim, then add additional claim elements -->
  </required-claims>

Additional Context
https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-jwt-authentication/#arbitrary-jwt-claims-validation
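
One way the `required-claims` semantics quoted above (`match="all | any"` plus a `separator` for multi-valued claims such as `scope`) could be evaluated over the claims of an already signature-verified token. This is an added example, not code from NGINX Ingress Controller or from Azure API Management; `RequiredClaim` and `CheckClaims` are hypothetical names and the claims in `main` are constructed sample data.

```go
package main

import (
	"fmt"
	"strings"
)

// RequiredClaim mirrors one <claim> element of the quoted policy (hypothetical type).
type RequiredClaim struct {
	Name, Match, Separator string // Match: "all" or "any"; empty Separator: no splitting
	Values                 []string
}

// CheckClaims fails closed: a missing claim, unknown Match or empty Values all reject.
func CheckClaims(claims map[string]interface{}, required []RequiredClaim) error {
	for _, rc := range required {
		have, hits := map[string]bool{}, 0
		switch v := claims[rc.Name].(type) { // missing claim yields nil, so the set stays empty
		case string: // delimited multi-valued claim, e.g. a space-separated "scope"
			parts := []string{v}
			if rc.Separator != "" {
				parts = strings.Split(v, rc.Separator)
			}
			for _, p := range parts {
				have[p] = true
			}
		case []interface{}: // claim encoded as a JSON array
			for _, e := range v {
				if s, ok := e.(string); ok {
					have[s] = true
				}
			}
		}
		for _, want := range rc.Values {
			if have[want] {
				hits++
			}
		}
		if hits == 0 || !(rc.Match == "any" || (rc.Match == "all" && hits == len(rc.Values))) {
			return fmt.Errorf("claim %q fails match=%q", rc.Name, rc.Match)
		}
	}
	return nil
}

func main() { // constructed sample claims
	req := []RequiredClaim{{Name: "scope", Match: "all", Separator: " ", Values: []string{"orders:read"}}}
	fmt.Println(CheckClaims(map[string]interface{}{"scope": "orders:read orders:write"}, req))
}
```

Values are compared as exact, case-sensitive set members rather than substrings, so `orders:read` does not satisfy a requirement for `orders`.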

Metadata

Assignees

No one assigned

    Labels

    area/security (Issues related to security capabilities or concerns)
    proposal (An issue that proposes a feature request)
    ready for refinement (An issue that was triaged and it is ready to be refined)

    Projects

    Status

    Prioritized backlog
