JWT Authentication Policy
Description
-
The Policy authenticates request calls coming from the client using third party JWT token. This provides authentication augmentation on top of API key which is used in API Management.
-
Policy enforces existence and validity of a JWT specified in HTTP Authorization header.
-
Policy supports injecting claims value in request to enrich http headers which can be specified in pre_input configuration.
-
Policy provides configurable capability to block/forward http Authorization header to backend/origin server.
-
Supports JSONPath expression to locate claim value for non-standard JWT claims.
-
Support match policy to allow additional validation based on JWT claims value.
-
Supports pre-processing of API request.
-
Supports custom error message with policy configurations.