-
Notifications
You must be signed in to change notification settings - Fork 399
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #7725 from Akila94/claim-based-access-policy-doc
Add jwt claim based access validation policy docs
- Loading branch information
Showing
4 changed files
with
30 additions
and
0 deletions.
There are no files selected for viewing
Binary file added
BIN
+421 KB
.../img/design/api-policies/configure-jwt-claim-based-access-validation-policy.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added
BIN
+415 KB
...ocs/assets/img/design/api-policies/jwt-claim-based-access-validation-policy.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
29 changes: 29 additions & 0 deletions
29
...esign/api-policies/regular-gateway-policies/jwt-claim-based-access-validator.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
# JWT Claim Based Access Validator | ||
|
||
This policy provides the capability to restrict access to an API resource based on a custom claim value provided in the JWT access token. | ||
The policy allows configuring a custom claim name and its value along with an optional regex. | ||
If a regex is configured, the configured claim value and token claim value will be matched using the regex. Otherwise, the claims will be matched for equality. | ||
|
||
To apply this policy, follow the below steps: | ||
|
||
1. Select any API and from the Left Menu, go to **API Configurations** --> **Policies**. | ||
2. Under the **Policy List** that appear on the right side of the screen, look for the **JWT claim based access validator** policy from the `Request` tab. | ||
|
||
[![JWT claim based access validator]({{base_path}}/assets/img/design/api-policies/jwt-claim-based-access-validation-policy.png)]({{base_path}}/assets/img/design/api-policies/jwt-claim-based-access-validation-policy.png) | ||
|
||
3. Drag and drop the **JWT claim based access validator** policy from the policy list to the request flow of any desired API operation. In the below screenshot, the policy was dropped to the `/order POST` operation. | ||
|
||
Configure the custom claim name and value. If required, configure a regex so the claim value will be validated using it. | ||
|
||
In the policy configuring panel that appears from the right, select `Apply to all resources` option if you wish to attach the JWT claim based access validation policy to each and every resource of the current API. If you only wish to attach the policy to a particular API operation, leave the checkbox as it is. Then, click on **Save** button. | ||
|
||
[![JWT claim based access validator]({{base_path}}/assets/img/design/api-policies/configure-jwt-claim-based-access-validation-policy.png)]({{base_path}}/assets/img/design/api-policies/configure-jwt-claim-based-access-validation-policy.png) | ||
|
||
4. Finally, scroll down and click on the **Save** button in order to apply the attached policies to the API. | ||
|
||
[![JWT claim based access validator]({{base_path}}/assets/img/design/api-policies/save-attached-policies.png)]({{base_path}}/assets/img/design/api-policies/save-attached-policies.png) | ||
|
||
Once the API is deployed and published, every request that goes to this API resource will be validated against the custom claim that comes in the access token before sending it to the backend. | ||
|
||
!!! tip | ||
To invert the above validation, you can tick the **Allow flow when claims are not matching** of the policy. This will only allow the flow if the claim values are not matching. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters