I have setup a RequestAuthentication object which correctly validates incoming JWT tokens, and copies claims to headers where the key is a simple string, e.g. ‘aud’.
However, I have a claim that has the key ‘http://example.com/region’ which is not copied to a header when I specify it in the RequestAuthentication object.
I did this in response to the routing configuration not working when the JWT claim routing did not work.
Below is a snippet of the config I had to match a claim in the VirtualService.
- name: match jwt
match:
- headers:
"@request.auth.claims.https://example.com/region":
exact: global```
Below is a snippet of the config I had to copy JWT claims to headers in the RequestAuthentication object
outputClaimToHeaders:
- header: "jwt-aud"
claim: "aud"
- header: "jwt-region"
claim: 'https://example.com/region'
- header: "jwt-sub"
claim: "sub"
Based on the below example contained in the RFC, I think this should work, but I am unsure if I have a syntax problem, or it is unsupported.
{
"iss":"joe",
"exp":1300819380,
"http://example.com/is_root":true
}