Multiple Authenttication policies

I am trying to attach multiple Authentication Policies for the same workload target, each one with different trigger rule so each policy will apply to a different endpoint. When I do this neither policy is applied. Is that a expected behaviour?
Policy 1:

apiVersion: "authentication.istio.io/v1alpha1"
kind: "Policy"
metadata:
  name: auth-policy1
  namespace: foo
spec:
  targets:
  - name: httpbin
  origins:
  - jwt:
      issuer: https://my.url.com
      jwksUri: https://my.url.com/.well-known/openid-configuration/jwks
      trigger_rules:
      - included_paths:
        - prefix: /v1/endpoint1
  peers:
  - mtls: {}
  principalBinding: USE_ORIGIN

Policy 2:

apiVersion: "authentication.istio.io/v1alpha1"
kind: "Policy"
metadata:
  name: auth-policy2
  namespace: foo
spec:
  targets:
  - name: httpbin
  origins:
  - jwt:
      issuer: https://my.url.com
      jwksUri: https://my.url.com/.well-known/openid-configuration/jwks
      trigger_rules:
      - included_paths:
        - prefix: /v1/endpoint2
  peers:
  - mtls: {}
  principalBinding: USE_ORIGIN

@diemtvu @YangminZhu

I think your expectation is that path with prefix /v1/endpoint1 and /v1/endpoint2 are required for JWT token issued by https://my.url.com.

This won’t work in the alpha policy because only one service-level policy (targets: httpbin) is allowed, you need to combine the two policies together, note the origins is a list.

Also please try to use the new v1beta1 RequestAuthentication and AuthorizationPolicy instead of the deprecated v1alpha1 Policy, see more in https://istio.io/docs/tasks/security/authentication/authn-policy/#require-valid-tokens-per-path