Hi,
I am using web methods API Gateway and using JWT for authorization. Issue is the claim set is defined in identifiers section in application, but API gateway is not validating that claim set. if i request for JWT token with valid gateway key and have additional information in request payload as claim set it still validates and returns valid token.
e.g
claim set defined in Application is
{“claimsSet”: {“channel”:“web”}}
and i sent in request body
{“claimsSet”: {“channel”:“web”,“addTest”:“extra info”}}
but API gateway added the extra information in JWT token and did not validated with claim set