Jwt claim set validation

muhammad.usman22 · September 25, 2023, 11:30am

Hi,

I am using web methods API Gateway and using JWT for authorization. Issue is the claim set is defined in identifiers section in application, but API gateway is not validating that claim set. if i request for JWT token with valid gateway key and have additional information in request payload as claim set it still validates and returns valid token.

e.g
claim set defined in Application is
{“claimsSet”: {“channel”:“web”}}

and i sent in request body

{“claimsSet”: {“channel”:“web”,“addTest”:“extra info”}}

but API gateway added the extra information in JWT token and did not validated with claim set

Vikash_Sharma1 · October 9, 2023, 4:07am

hi @muhammad.usman22,
Ideally it should validate the claim set.
Did you try with some other value in the claim set like app ID.

If not can you please give a try for that as well.
Also share what is the error you are getting for same.

Regards
Vikash Sharma

system · April 6, 2024, 4:07am

This topic was automatically closed 180 days after the last reply. New replies are no longer allowed.