JWT claims validation

younss · February 5, 2019, 5:28am

Hi all,
is there any vision to support JWT claims contents validation in istio?

Kind regards

davinkevin · February 5, 2019, 9:06am

What kind of content validation you want to make ?

Right now, you can check the user (via its jwt) have a specific claim to associtate him to a specific ServiceRole and ServiceRoleBinding.

You have some inbformation about this in the RBAC documentation in the istio documentation

YangminZhu · February 6, 2019, 1:49am

Yeah, currently we support simple string match on JWT claims. In 1.1, we will also support matching on claim of list string: https://preliminary.istio.io/docs/tasks/security/rbac-groups/#configure-the-authorization-of-list-typed-claims.

younss · May 21, 2019, 6:02pm

Thank you, is this was provided with Istio 1.1 or was reported to 1.2.

Kind Regards

YangminZhu · May 24, 2019, 12:17am

younss · May 24, 2019, 1:52pm

Thank you for your reply

Topic		Replies	Views
Istio 1.5 JWT claim in AuthorizationPolicy Security	8	1686	April 16, 2020
Matching permissions in Istio AuthorizationPolicy Security security	1	492	July 10, 2020
JWT and Authorization Security	7	1004	July 2, 2019
OriginAuthenticationMethod	4	1426	June 2, 2020
Istio support Validation of JWT + POP token Security	0	263	April 20, 2023