JWT claims validation


#1

Hi all,
is there any vision to support JWT claims contents validation in istio?

Kind regards


#2

What kind of content validation you want to make ?

Right now, you can check the user (via its jwt) have a specific claim to associtate him to a specific ServiceRole and ServiceRoleBinding.

You have some inbformation about this in the RBAC documentation in the istio documentation


#3

Yeah, currently we support simple string match on JWT claims. In 1.1, we will also support matching on claim of list string: https://preliminary.istio.io/docs/tasks/security/rbac-groups/#configure-the-authorization-of-list-typed-claims.