Ability to validate claims in JWT policy

[anderius]

Currently, we must use snippets to validate claims in the validated JWT.

It would be very nice if we could validate custom claims, for example scope, directly from the JWT policy (https://docs.nginx.com/nginx-ingress-controller/configuration/policy-resource/#jwt-using-jwks-from-remote-location).

As an example of how this cane be done, see https://learn.microsoft.com/en-us/azure/api-management/validate-jwt-policy.

From that link (of course I don't want XML, but you get the idea :-) ):

 <required-claims>
    <claim name="name of the claim as it appears in the token" match="all | any" separator="separator character in a multi-valued claim">
      <value>claim value as it is expected to appear in the token</value>
      <!-- if there is more than one allowed value, then add additional value elements -->
    </claim>
    <!-- if there are multiple possible allowed claim, then add additional claim elements -->
  </required-claims>

[github-actions]

Hi @anderius thanks for reporting!

Be sure to check out the docs and the Contributing Guidelines while you wait for a human to take a look at this 🙂

Cheers!

[jasonwilliams14]

@anderius I believe this is what you are looking for? This capability in NGINX Ingress controller:

#4417

[anderius]

Thank you, I was not aware of that discussion. Would you prefer to have feature requests there instead of issues?

A few points:

• The routing is not something I need (just to clarify this request)
• I could not understand the example, the prototype policy, but if the functionality is like in this feature request, all is good

[shaun-nx]

Hi @anderius I've added this issue as a child issues for #6565 since this it likely work that will need to come as part of this effort