Authorize request based on JWT group claims with API protection profile

Question

Hello all!I´m trying to figure out a way to authorize requests that have been already authenticated by an Oauth scope step in the per-request policy. Conceptually it sounds quite simple: if a group is present in the JWT claims, the request should be authorized, otherwise it should be rejected.I´ve found a lab explaining how to achieve the same on Nginx plus, so I would think it should be possible with APM, nevertheless I´m unable to find a way to access the JWT payload from APM.A workaround would be to handle it with an Irule on LTM, converting the base64 content on the JWT, parsing it and checking the content, but I´d be surprised it doesn´t come out of the box with APM.TIA,Pablo

ustrum · Answer

In case someone ends up in this thread, eventually got this sorted out with irules (what else?), based on the jwt parser from this post

Forum Discussion

Authorize request based on JWT group claims with API protection profile

1 Reply

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

F5 Networks F5CAB1 Exam - Need Help Regarding Prep

Username is not filled in EdgeClient in the Modern customization

The GSLB pool is providing an incorrect IP to end users

iRule causing requests to be duplicated (sometimes)

Cisco TACACS+ Config on ISE LTM Pair

Related Content

JWT authorization with NGINX Ingress Controller

L7 DoS Protection with NGINX App Protect DoS

F5 API Security: Discovery and Protection

Cookie-based DDoS protection

How To Protect Your Applications from Cross Site Request Forgery (CSRF) with F5 Distributed Cloud

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS