Solved: Apigee JWT Policy Custom Claim Query

meghdeepbasu · 11-21-2017 04:29 PM

What I am Doing:

I am generating an array in javascript
Serialising it using JSON. Stringify() in javascript
Setting that in context in javascript

var myArr= [];

for (var i=0; i<1; i++) {
	var eachElement = {};
        eachElement.Atr1= SourceArray1[i];
        eachElement.Atr2 = SourceArray2[i];
        eachElement.Atr3 = SourceArray3[i];
        eachElement.Attr4 = 'abcd';
        myArr.push(eachElement); 
}

context.serVariable("myArr", JSON.stringify(myArr));

Then I am setting myArr as an custom claim in generate JWT Policy

    <CustomClaims>
        <Claim name="myArr" ref="myArr" />
    </CustomClaims>

What I am expecting:

I am expecting to get the following JSON object after decoding the jwt

  "myArr": [
    {
      "Atr1": "abcd",
      "Attr2": "abcd@example.com",
      "Attr3": "+11111111",
      "Attr4": "abcd"
    }
  ]

What results I am getting:

I am getting following string after decoding the jwt

 "myArr":
"[{\"Attr1\":\"abcd\",\"Attr2\":\"abcd@example.com\",\"Attr3\":\"+11111111\",\"Attr4\":\"abcd\"}]"

Can any one please help me in understanding what I am doing wrong here ?

DChiesa

yes - I think what you want is to tell the CustomClaim that it should find a map. So something like this:

    <CustomClaims>
        <Claim name="myArr" ref="myArr" type='map'/>
    </CustomClaims>

Can you try? and LMK ?

View solution in original post

DChiesa

yes - I think what you want is to tell the CustomClaim that it should find a map. So something like this:

    <CustomClaims>
        <Claim name="myArr" ref="myArr" type='map'/>
    </CustomClaims>

Can you try? and LMK ?

meghdeepbasu

Thanks @Dino,

Unfortunately, with type as map also, it does not work. The policy raises error, when I set the type to map

{
  "fault": {
    "faultstring": "Claim type does not match type of claim value: policy(JWT.GeneateJWT) claim(myArr)",
    "detail": {
      "errorcode": "steps.jwt.ClaimTypeMismatch"
    }
  }
}

And the interesting point is, the same error is raised when I try setting the object or serialise it with JSON.stringify.

Also I do not see any issue with the typeof value of the object in the javascript. Following is the value printed on trace

typeof myArr: object
typeof JSON.stingify(myArr): string

Please let me know your thoughts.

meghdeepbasu

Hi @Dino,

Since we needed to finish the stuff, I have changed the way we are storing the data (to array creation) and able to generate the jwt as expected.

So, the way I have moved forward, is instead of forming the Array myArr from 3 different arrays, I have stored the myArr. And then I used the following option in the JWT Policy

    <CustomClaims>
        <Claim name="myArr" ref="myArr" type="map" array="true"/>
    </CustomClaims>

But I have another use case, for which I would raise a new topic

DChiesa

Ahh, yes... That is the correct way to do it, with both array= and type= attributes.

BTW, we are looking at the design of this interface. From experience it's a little klunky for people, and we think we can just make it do "the right thing" without all the attributes. So it may get simpler for you. As you may be aware the JWT policies are in "alpha" release, and this is one of the things we may wish to change and improve before general release.