Dynamic JWT token validations as introspection

Hi Folks,

I have a question about the scenario where I have an external OAuth provider, and inside the OAuth authorization we have a JWT token with information about the user, like the user's contract_id.

We use access_token for authentication and authorization.

When I call APIs from the front-end, I send the contract_id as a path parameter, request parameter, header, or otherwise. It's dynamic and depends on the API in each situation. When I have this contract_id, I should decrypt the JWT token and check if this contract_id belongs to this user; if not, I return 401.

So what's the best way to do this validation, since each API can receive this contract_id in several different ways? Can I use ExtractVariables in a global policy, set it in a variable, and have this flow validate all scenarios?

Is this the best practice for doing this?

Thanks in Advance


If I use a global shared flow, in case I receive the contract_id in the path parameter, I don't know the exact position; in this situation I have to use ExtractVariables in the PreFlow.
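One way to structure this so the question's check works across APIs while keeping the reply's concern in view: each proxy extracts contract_id in its own PreFlow from the exact place that API reads it, and a single shared flow (called via FlowCallout) verifies the token and compares the claim. This is an added example, not code from the thread; the policy and shared-flow names, the `/contracts/{contract_id}` path shape, the `contract_id` claim name, the IdP URLs and the audience are assumed, and it answers a mismatch with 403 rather than the 401 mentioned above because the caller is authenticated but not authorized for that contract.

```xml
<!-- Proxy PreFlow (per proxy): extract contract_id from wherever THIS API actually reads it,
     then call the shared flow. Extracting from a different location than the backend uses would
     let a client pass a valid id in one place and a foreign id in the other. -->
<PreFlow name="PreFlow">
  <Request>
    <Step><Name>ExtractRequestContractId</Name></Step>
    <Step><Name>CallCheckContractId</Name></Step>
  </Request>
</PreFlow>
<ExtractVariables name="ExtractRequestContractId">
  <Source>request</Source>
  <VariablePrefix>req</VariablePrefix>
  <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
  <!-- An API that takes the id as a query parameter or header uses <QueryParam> or <Header> here. -->
  <URIPath>
    <Pattern ignoreCase="true">/contracts/{contract_id}</Pattern>
  </URIPath>
</ExtractVariables>
<FlowCallout name="CallCheckContractId">
  <SharedFlowBundle>CheckContractId</SharedFlowBundle>
</FlowCallout>
<!-- Shared flow "CheckContractId": identical for every proxy; it only consumes req.contract_id. -->
<SharedFlow name="default">
  <Step><Name>VerifyAccessToken</Name></Step>
  <Step>
    <Name>RejectContractMismatch</Name>
    <!-- Fail closed: reject when no id was extracted, or it differs from the verified claim. -->
    <Condition>(req.contract_id = null) or (req.contract_id != jwt.VerifyAccessToken.decoded.claim.contract_id)</Condition>
  </Step>
</SharedFlow>
<!-- Signature, issuer, audience and expiry are checked before any claim is read; on failure the
     policy raises its own fault, so the comparison never runs against an unverified token. -->
<VerifyJWT name="VerifyAccessToken">
  <Algorithm>RS256</Algorithm>
  <Source>request.header.authorization</Source>
  <PublicKey>
    <JWKS uri="https://idp.example.com/.well-known/jwks.json"/>
  </PublicKey>
  <Issuer>https://idp.example.com/</Issuer>
  <Audience>my-api</Audience>
</VerifyJWT>
<RaiseFault name="RejectContractMismatch">
  <FaultResponse>
    <Set>
      <StatusCode>403</StatusCode>
      <Payload contentType="application/json">{"error":"contract_id does not belong to the caller"}</Payload>
    </Set>
  </FaultResponse>
</RaiseFault>
```

Because the shared flow never parses the path itself, the "I don't know the exact position" problem stays local to each proxy's ExtractVariables, and the backend should then use the verified claim rather than the request value.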