How to extract a claim from a JWT, with a dynamically determined name?

I have encountered a problem with referencing a flow variable of a policy.

The flow is something like this:

  1. Decode JWT using Decode JWT policy
  2. Depending on the different OAuth providers (like AWS, Azure, etc.), the client ID might be contained in different claims

    like
    jwt.DecodeJWT.claim.client_id
    jwt.DecodeJWT.claim.azp
    jwt.DecodeJWT.claim.api_key

Now, instead of putting a condition and a separate AssignMessage policy for each auth provider, we thought to put the claim name in a KVM (this requires no change in the SF when a new auth server comes). The KVM would look like this, for example:

 

Key:AWS    Value:client_id
Key:Azure  Value:azp

 

We get this value in variable ID after fetching the claim name. We are trying to use AssignMessage to form the path to fetch the client id.

 

<AssignVariable>
  <Name>ClientID</Name>
  <Template>jwt.DecodeJWT.claim.{ID}</Template>
</AssignVariable>

 

Now when we try to extract the value of the ClientID variable, it gives the name of the variable that contains the client ID, but not the actual client ID decoded by the policy.

Is what we are trying to achieve doable: dynamically creating flow variable names, getting a reference to them, and extracting their values?

@dchiesa1


Yes, it's doable. You may need to use a slightly different way. E.g., use jsonpath. Like this:

 

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<AssignMessage continueOnError="false" enabled="true" name="AM-Extract-ClientID">
    <AssignVariable>
        <!-- maybe look this up from KVM or otherwise -->
        <!-- for purposes of the demonstration, we just set it in a variable -->
        <Name>clientid_claim_name</Name>
        <Value>client_id</Value>
    </AssignVariable>
    <AssignVariable>
        <Name>clientid_jsonpath</Name>
        <Template>$.{clientid_claim_name}</Template>
    </AssignVariable>
    <AssignVariable>
        <Name>extracted_client_id</Name>
        <Value>BADDBEEF</Value>
        <Template>{jsonPath(clientid_jsonpath,jwt.DecodeJWT-1.payload-json)}</Template>
    </AssignVariable>
</AssignMessage>

 


EDIT

After further consideration, there is another way to do what you want without resorting to Jsonpath. You can use double curlies... and then the Template element with a ref. This works for me:

<AssignMessage continueOnError="false" enabled="true" name="AM-Extract-Approach2">
    <AssignVariable>
        <Name>clientid_claim_name</Name>
        <Value>client_id</Value>
    </AssignVariable>
    <AssignVariable>
        <Name>variable_name</Name>
        <Template>jwt.DecodeJWT-1.claim.{clientid_claim_name}</Template>
    </AssignVariable>
    <AssignVariable>
        <Name>variable_template</Name>
        <Template>{{variable_name}}</Template>
    </AssignVariable>
    <AssignVariable>
        <Name>variable_value</Name>
        <Template ref="variable_template"/>
    </AssignVariable>
</AssignMessage>

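A third option, shown as an added example that is not part of the original thread: in an Apigee JavaScript policy, build the flow-variable name by concatenation and dereference it with context.getVariable, failing closed when the mapping or the claim is missing. The provider map (standing in for the KVM), the function names and the mock context are assumptions for illustration; in a real policy you would pass the global `context` object.

```javascript
// Added example, not code from the thread. ES5 style so it also fits the
// Apigee JavaScript policy runtime.

// Constructed mapping standing in for the KVM entries from the question.
var PROVIDER_CLAIMS = { AWS: 'client_id', Azure: 'azp' };

// The claim name becomes part of a flow-variable name, so restrict it to a
// conservative character set before concatenating.
var CLAIM_NAME_RE = /^[A-Za-z0-9_]{1,64}$/;

function extractClientId(ctx, provider, policyName) {
  // Own-property check so keys like "constructor" never resolve.
  var known = Object.prototype.hasOwnProperty.call(PROVIDER_CLAIMS, provider);
  var claimName = known ? PROVIDER_CLAIMS[provider] : null;
  if (!claimName || !CLAIM_NAME_RE.test(claimName)) {
    throw new Error('no usable claim mapping for provider: ' + provider);
  }
  // Build the variable name, then read the value it refers to.
  var raw = ctx.getVariable('jwt.' + policyName + '.claim.' + claimName);
  if (raw === null || raw === undefined || String(raw) === '') {
    // Fail closed: no placeholder client ID is passed downstream.
    throw new Error('claim "' + claimName + '" missing from decoded token');
  }
  var value = String(raw);
  ctx.setVariable('extracted_client_id', value);
  return value;
}

// Minimal stand-in for the Apigee `context` object so the example runs offline.
function makeMockContext(vars) {
  var store = {};
  Object.keys(vars).forEach(function (k) { store[k] = vars[k]; });
  return {
    getVariable: function (n) {
      return Object.prototype.hasOwnProperty.call(store, n) ? store[n] : null;
    },
    setVariable: function (n, v) { store[n] = v; }
  };
}

// Constructed sample: flow variables as DecodeJWT-1 would set them.
var sampleAws = makeMockContext({ 'jwt.DecodeJWT-1.claim.client_id': 'abc123' });
var sampleAzure = makeMockContext({ 'jwt.DecodeJWT-1.claim.azp': 'app-42' });
```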