Issue with Generate JWT policy?

For the GenerateJWT policy, I want to put a JSON array into a custom claim. However, the policy escapes the quotes and turns the array into a string. Am I misunderstanding this or is there a bug?

Here's the sample I've hardcoded. Same thing happens when using a variable and the ref attribute.

  <AdditionalClaims>
    <Claim name="roles">["admin.readprofiles", "admin.writeprofiles"]</Claim>
  </AdditionalClaims>


Here's the resulting JWT (some fields omitted for brevity):

  {
    "roles": "[\"admin.readprofiles\", \"admin.writeprofiles\"]",
    "exp": 1645943476,
    "iat": 1645942576,
  }


This JSON should not be: "roles": "[\"admin.readprofiles\", \"admin.writeprofiles\"]"

It should be: "roles": ["admin.readprofiles", "admin.writeprofiles"]


Am I misunderstanding this or is this a bug?


Try this?

  <AdditionalClaims>
    <Claim type='string' array="true" name='roles'>admin.read,admin.write</Claim>
  </AdditionalClaims>


Thanks Dino!! Accepted the solution! @dchiesa1

I ended up sending in a variable with the same values. It worked! How many years have you been helping me out now???? I lost track! 🤣

Glad to help, Robert! 

For future reference, and in case anyone needs a snippet, here's how to convert an inbound JSON string and prep it for the ref tag in the Generate JWT policy:

 

//grab the inbound JSON and convert to JavaScript Object
var inboundObject = JSON.parse(context.getVariable("inboundJSON"));

//convert the roles array to comma delimited string to be used by JWT policy
context.setVariable("roles", inboundObject.roles.join(', '));

 

Now it can be used by Dino's example above:

  <AdditionalClaims>
    <Claim type='string' array="true" name='roles' ref="roles"/>
  </AdditionalClaims>
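
Added example (not from any poster in the thread): what a service consuming the token sees for each shape of the `roles` claim discussed above, and a strict check that rejects the stringified form. The function names and the sample tokens with their placeholder signature are constructed for illustration, and it assumes a Node.js version that supports the `base64url` Buffer encoding.

```javascript
// Decode the payload segment of a compact JWT. Inspection only: the signature
// must already have been verified (for example by a VerifyJWT policy).
function decodePayload(token) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWS");
  return JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
}

// Loose check: fine on an array, but on a string it becomes a substring match.
function naiveHasRole(claims, role) {
  return Boolean(claims.roles) && claims.roles.includes(role);
}

// Strict check: the claim must be a JSON array of non-empty strings.
function rolesFromClaims(claims) {
  const roles = claims.roles;
  if (!Array.isArray(roles)) {
    throw new TypeError("roles claim is " + typeof roles + ", expected array");
  }
  if (!roles.every((r) => typeof r === "string" && r.length > 0)) {
    throw new TypeError("roles claim contains a non-string or empty entry");
  }
  return roles;
}

function hasRole(claims, role) {
  return rolesFromClaims(claims).includes(role);
}

// Constructed sample tokens (placeholder signature), one per claim shape in the thread.
function sampleToken(payload) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
  return [enc({ alg: "RS256", typ: "JWT" }), enc(payload), "c2ln"].join(".");
}
const stringifiedToken = sampleToken({
  roles: "[\"admin.readprofiles\", \"admin.writeprofiles\"]",
  exp: 1645943476, iat: 1645942576,
});
const arrayToken = sampleToken({
  roles: ["admin.readprofiles", "admin.writeprofiles"],
  exp: 1645943476, iat: 1645942576,
});

const bad = decodePayload(stringifiedToken);
const good = decodePayload(arrayToken);
console.log(naiveHasRole(bad, "admin.read"));      // substring match on the string
console.log(naiveHasRole(good, "admin.read"));     // exact element match on the array
console.log(hasRole(good, "admin.readprofiles"));
```

With the stringified claim, the loose check accepts `admin.read` even though no such role was issued, while `hasRole` throws a `TypeError` for that token instead of answering.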