So currently when I am handling issuing OAuth tokens, multiple grant types are used for different endpoints in my proxies. What I am trying to do is check that the scopes requested for a particular grant type don't include a certain scope.

Here is an example of what I am trying to do:

<Condition>request.queryparam.response_type = "code" and request.queryparam.scope ~~ "scope_name"</Condition>

So this works fine if scope_name is the only scope being requested. But if anything else is requested at the same time, it issues the token which I don't want.

So my question is, how can I do a partial match? So if for example the requested scopes are scope_reject scope_approve, if scope_reject exists anywhere in the scope queryparam it finds the match.

Any assistance would be great!

Cheers.