Authorize request based on JWT group claims with API protection profile

Question

Hello all!I´m trying to figure out a way to authorize requests that have been already authenticated by an Oauth scope step in the per-request policy. Conceptually it sounds quite simple: if a group is present in the JWT claims, the request should be authorized, otherwise it should be rejected.I´ve found a lab explaining how to achieve the same on Nginx plus, so I would think it should be possible with APM, nevertheless I´m unable to find a way to access the JWT payload from APM.A workaround would be to handle it with an Irule on LTM, converting the base64 content on the JWT, parsing it and checking the content, but I´d be surprised it doesn´t come out of the box with APM.TIA,Pablo

ustrum · Answer

In case someone ends up in this thread, eventually got this sorted out with irules (what else?), based on the jwt parser from this post

Forum Discussion

Authorize request based on JWT group claims with API protection profile

Recent Discussions

self-directed requests fail because of no certificate

Decode ObjectSID from Base64-encode string

iRule - Url rewrite and header replace and pool selection not working

ip x-forwarding

F5 ASM API-Protection Policy

Related Content

F5 Essential App Protect: Go !

Detect and stop exfiltration attempts with F5 Distributed Cloud App Infrastructure Protection

Create Your Own Certificate Authority

ForgeRock with F5 Distributed Cloud (XC) Account Protection and Authentication Intelligence

Simple DDOS Protection for HTTP Requests

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS