Is there a way in Istio authorization policy condition evaluation to verify scope of OAUTH JWT token

martin2176 · August 13, 2023, 4:55pm

I can use claims in the JWT token and use claims matching , however in OAUTH2 standards scope is the correct way to describe if the token is allowed access to a particular resourse.
These are the list of support condition attributes

There is request.auth.claims. However no support for scope
Is there a way to do scope condition evaluation other than using extensions like OPA

martin2176 · August 18, 2023, 1:52pm

Actually the condition eval works for scope as well eventhough it is not explicitly documented. Closing this discussion

system · September 8, 2023, 9:31pm

This topic is temporarily closed for at least 1 hour due to a large number of community flags.

system · September 19, 2023, 9:38am

This topic was automatically opened after 10 days.

Topic		Replies	Views
Istio 1.5 JWT claim in AuthorizationPolicy Security	8	1703	April 16, 2020
Does Authorization Policy Conditions support object array value for request.auth.claims? Security	1	1063	August 11, 2020
JWT claims validation Security	5	749	May 24, 2019
Authorization Policy rule values from request headers Security security	1	1436	April 27, 2022
Authorization policy challenge Security	6	1211	April 4, 2020

Is there a way in Istio authorization policy condition evaluation to verify scope of OAUTH JWT token

Related topics