I am trying to check the presence of an claim with type integer. In case I apply the authz policy as described below envoy does not find a matching policy. Without the wildcard “*” it is working. From what I understand from the Istio docs (Istio / Authorization Policy) any string field in the rule supports Exact, Prefix, Suffix and Presence match and configuring the when condition is a string field. So I would expect a working authz policy.
apiVersion: security.istio.io/v1beta1 kind: AuthorizationPolicy metadata: name: jwt namespace: foo spec: selector: matchLabels: app: httpbin action: ALLOW rules: - from: - source: requestPrincipals: ["someIssuer/dsfjfdf948487dkjsf"] when: - key: request.auth.claims[iat] values: ["*"]