JWT Claim Set

Hello All,

I have created an API and plan to give access to the API based on the JWT token claims.
JWT Claims are issued by an Identity Provider which has list of values in one of the custom claim.
Eg: “role”: [ admin, productadmin, productuser, normaluser]

How can I validate the incoming JWT token if user has following roles give access to the API otherwise throw error.

I have already completed with below activities

The JWT issuers configuration done properly.
Certificate issuer mapping done.
audience values and the necessary API level policies are applied properly.
Created an application subscribing to the API
Tested with sub and role with one value works fine.

But I am facing issue to validate the claim has multiple values.I have tried claim set also but no luck.

Please suggest me if I am missing something.

Thanks,
Uday

Hi Uday,
API Gateway doesn’t support it. We have in the pipeline to enhance it.

Does the gateway support an array of claims now ? eg “role”: [ admin, normal, guest]