Skip to main content
Feedback

JWT Authentication Policy

Description

  • The Policy authenticates request calls coming from the client using third party JWT token. This provides authentication augmentation on top of API key which is used in API Management.

  • Policy enforces existence and validity of a JWT specified in HTTP Authorization header.

  • Policy supports injecting claims value in request to enrich http headers which can be specified in pre_input configuration.

  • Policy provides configurable capability to block/forward http Authorization header to backend/origin server.

  • Supports JSONPath expression to locate claim value for non-standard JWT claims.

  • Support match policy to allow additional validation based on JWT claims value.

  • Supports pre-processing of API request.

  • Supports custom error message with policy configurations.

On this Page