cancel
Showing results for 
Search instead for 
Did you mean: 

Authorize request based on JWT group claims with API protection profile

Ustrum
Altocumulus
Altocumulus

Hello all!

I´m trying to figure out a way to authorize requests that have been already authenticated by an Oauth scope step in the per-request policy. Conceptually it sounds quite simple: if a group is present in the JWT claims, the request should be authorized, otherwise it should be rejected.

I´ve found a lab explaining how to achieve the same on Nginx plus, so I would think it should be possible with APM, nevertheless I´m unable to find a way to access the JWT payload from APM.

A workaround would be to handle it with an Irule on LTM, converting the base64 content on the JWT, parsing it and checking the content, but I´d be surprised it doesn´t come out of the box with APM.

TIA,

Pablo

1 REPLY 1

Ustrum
Altocumulus
Altocumulus

In case someone ends up in this thread, eventually got this sorted out with irules (what else?), based on the jwt parser from this post