I have created an API and plan to give access to the API based on the JWT token claims.
JWT claims are issued by an identity provider, which has a list of values in one of the custom claims.
E.g.: "role": [admin, productadmin, productuser, normaluser]
How can I validate the incoming JWT token so that, if the user has the following roles, access to the API is given, and otherwise an error is thrown?
I have already completed the activities below:
The JWT issuers configuration is done properly.
Certificate issuer mapping is done.
Audience values and the necessary API-level policies are applied properly.
Created an application subscribing to the API.
Tested with sub and role with one value; this works fine.
But I am facing an issue validating a claim that has multiple values. I have tried claim set also, but no luck.
Please suggest if I am missing something.
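
The check asked about above, as an added example that is not part of the original post and not any gateway product's own code: it contrasts an equality test on "role", which only matches a single string value, with a normalized membership test that also handles a JSON array. The allowed-role set, the function names and the sample tokens are assumptions made for illustration, and signature, issuer and audience validation are assumed to have already passed upstream.

```python
import base64
import json

ALLOWED_ROLES = {"admin", "productadmin"}  # assumed policy: any one of these grants access


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_sample_token(claims: dict) -> str:
    """Constructed, unsigned sample token; the signature segment is a placeholder."""
    parts = [json.dumps({"alg": "RS256", "typ": "JWT"}), json.dumps(claims)]
    return ".".join([_b64url(p.encode()) for p in parts] + ["placeholder-signature"])


def claims_of(token: str) -> dict:
    """Decode the payload only; signature, issuer and audience checks are assumed done upstream."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1]
    claims = json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims


def roles_of(claims: dict, name: str = "role") -> set:
    """Normalize the claim: a JSON string is one role, a JSON array is many."""
    value = claims.get(name)
    if isinstance(value, str):
        return {value}
    if isinstance(value, list) and all(isinstance(r, str) for r in value):
        return set(value)
    return set()  # a missing or malformed claim grants nothing


def naive_has_role(claims: dict, role: str) -> bool:
    """Equality check that only works while the claim is a single string."""
    return claims.get("role") == role


def require_role(token: str, allowed=ALLOWED_ROLES) -> set:
    """Return the matching roles, or raise PermissionError when none match."""
    matched = roles_of(claims_of(token)) & set(allowed)
    if not matched:
        raise PermissionError("token carries none of the required roles")
    return matched
```
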