Hi, is there any way I can check multiple scopes for the same endpoint based on different attribute values in the request?
I need to check the scope based on the request data, e.g. if the request attribute is "env":"QA" then I need to check the "env.qa" scope, but if it's "env":"staging" then I need to check a different scope. Can someone help me handle multiple scope checks based on different conditions?
Have you seen the condition reference? Within conditions you can express such logic.
You used the term "request attribute". I don't know what that is, exactly. Maybe you mean "query parameter." In that case the condition is something like this:
<Condition>request.queryparam.env = "QA"</Condition>
Wrap that condition around a policy that checks for particular scopes. Or, combine that boolean with another that checks your scope. For example, if scope is available in a context variable as a string like this:
qa dev
Then your logic statement to check for the presence of the "qa" value within scope would be something like this:
request.queryparam.env = "QA" AND NOT (scope ~~ "^.*\bqa\b.*$")
That says "if the env query param holds 'QA' and the scope context variable does not contain 'qa'". If that last bit looks like cartoon swearing, it's because it's a "regular expression".
In that case I suppose you might want to raise a fault with an "insufficient scope" message. So, like this:
<Step>
  <Name>RaiseFault-InsufficientScope</Name>
  <Condition>request.queryparam.env = "QA" AND NOT (scope ~~ "^.*\bqa\b.*$")</Condition>
</Step>
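The environment-dependent scope check discussed in this thread, as an added stand-alone JavaScript example (not part of the original posts and not Apigee's own code). The `env.staging` scope name, the env-to-scope map and all function names are assumptions. It also compares whole-token matching with the word-boundary regex, which treats `.` and `-` as boundaries and therefore accepts longer scope names that merely contain the word.

```javascript
// Added example: choose the required scope from the request's "env" value,
// then check it against a space-delimited scope string such as "qa dev".
// Assumption: env values are compared case-insensitively.
const REQUIRED_SCOPE = {
  qa: "env.qa",
  staging: "env.staging", // assumed name; the question only names "env.qa"
};

// Whole-token check: split on whitespace and compare complete scope names.
function hasScope(scopeString, required) {
  const granted = String(scopeString || "").split(/\s+/).filter(Boolean);
  return granted.includes(required);
}

// The word-boundary pattern from the answer, generalised to any scope word.
function regexHasScope(scopeString, word) {
  const escaped = word.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
  return new RegExp("^.*\\b" + escaped + "\\b.*$").test(String(scopeString || ""));
}

// Returns { allowed, status, reason } for one request.
function checkRequest(env, scopeString) {
  const key = String(env || "").toLowerCase();
  if (!Object.prototype.hasOwnProperty.call(REQUIRED_SCOPE, key)) {
    return { allowed: false, status: 400, reason: "unknown env" };
  }
  const required = REQUIRED_SCOPE[key];
  if (!hasScope(scopeString, required)) {
    return { allowed: false, status: 403, reason: "insufficient scope: " + required };
  }
  return { allowed: true, status: 200, reason: "ok" };
}

// Constructed sample requests: [env value, scope string on the token].
const samples = [
  ["QA", "env.qa env.dev"],
  ["staging", "env.qa"],
  ["QA", "env.qa-readonly"],
  ["prod", "env.qa"],
];
for (const [env, scope] of samples) {
  console.log(env, JSON.stringify(scope), checkRequest(env, scope));
}
```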