How to Authorize with nested JWT claim generated from Keycloak
berkslv opened this issue · comments
I use Keycloak as an identity and JWT token provider. I am successfully using JWT tokens generated from Keycloak for authentication, but when it comes to authorization, Keycloak's JWT token structure cannot be used in Ocelot's `RouteClaimsRequirement` field in ocelot.json, because Keycloak's JWT structure is similar to the following and contains many nested attributes. How can I use these nested claims? Is there a feature for this, or do I need to develop a custom middleware?
```json
{
  "exp": 1706600524,
  "iat": 1706600224,
  "auth_time": 1706597784,
  "jti": "4057d8a1-457c-4c48-a877-4d6311cb7437",
  "iss": "http://localhost:5050/identity/realms/microcommerce",
  "aud": "account",
  "sub": "18957315-668b-4bfb-8d57-e67265553029",
  "typ": "Bearer",
  "azp": "postman",
  "session_state": "736a2ddc-7092-4c18-9d36-be2b38d02f94",
  "acr": "0",
  "allowed-origins": [
    "https://oauth.pstmn.io"
  ],
  "realm_access": {
    "roles": [
      "offline_access",
      "default-roles-microcommerce",
      "uma_authorization",
      "customer"
    ]
  },
  "resource_access": {
    "account": {
      "roles": [
        "manage-account",
        "manage-account-links",
        "view-profile"
      ]
    }
  },
  "scope": "openid email profile",
  "sid": "736a2ddc-7092-4c18-9d36-be2b38d02f94",
  "email_verified": false,
  "name": "Berk Selvi",
  "preferred_username": "berkslv",
  "given_name": "Berk",
  "family_name": "Selvi",
  "email": "example@gmail.com"
}
```
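One way to make the nested Keycloak roles usable from `RouteClaimsRequirement` is to flatten them into ordinary top-level claims while the token is being validated, before Ocelot's authorization step runs. The following is an added example written for this issue; it is not code from the issue author or from the Ocelot project. It assumes the gateway is an ASP.NET Core app that registers Ocelot with `AddOcelot`/`UseOcelot`, that the JWT bearer scheme is named `KeycloakBearer` (an assumed name that must match `AuthenticationProviderKey` in ocelot.json), and that the ASP.NET Core JWT bearer handler surfaces the nested `realm_access` and `resource_access` objects as single claims whose value is the raw JSON text, which is what it does with the token shown above. The claim type names `realm_role` and `client_role` are assumed; any names work as long as ocelot.json uses the same ones.

```csharp
// Added example (not from the issue or from Ocelot): flatten Keycloak's nested
// realm_access.roles and resource_access.<client>.roles into flat claims during
// JWT validation so that Ocelot's RouteClaimsRequirement can match them by key/value.
using System.Security.Claims;
using System.Text.Json;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.DependencyInjection;
using Ocelot.DependencyInjection;
using Ocelot.Middleware;

var builder = WebApplication.CreateBuilder(args);

// "KeycloakBearer" is an assumed scheme name; it must equal
// AuthenticationOptions.AuthenticationProviderKey on the route in ocelot.json.
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer("KeycloakBearer", options =>
    {
        // Authority/Audience taken from the "iss" and "aud" values in the token above.
        options.Authority = "http://localhost:5050/identity/realms/microcommerce";
        options.Audience = "account";
        options.RequireHttpsMetadata = false; // local development only; keep true elsewhere
        options.Events = new JwtBearerEvents
        {
            // Runs after signature, issuer, audience and lifetime have been verified,
            // so the claims we derive here come from a token that already passed validation.
            OnTokenValidated = context =>
            {
                if (context.Principal?.Identity is ClaimsIdentity identity)
                {
                    KeycloakClaimFlattener.AddRoleClaims(identity);
                }
                return Task.CompletedTask;
            }
        };
    });

builder.Services.AddOcelot(builder.Configuration);

var app = builder.Build();
await app.UseOcelot();
app.Run();

public static class KeycloakClaimFlattener
{
    // Assumed claim type names; these are the keys used in RouteClaimsRequirement.
    public const string RealmRoleClaimType = "realm_role";
    public const string ClientRoleClaimType = "client_role";

    public static void AddRoleClaims(ClaimsIdentity identity)
    {
        // realm_access: { "roles": [ ... ] }  ->  one "realm_role" claim per role
        var realmAccess = identity.FindFirst("realm_access")?.Value;
        if (!string.IsNullOrEmpty(realmAccess))
        {
            using var doc = JsonDocument.Parse(realmAccess);
            if (doc.RootElement.TryGetProperty("roles", out var roles)
                && roles.ValueKind == JsonValueKind.Array)
            {
                foreach (var role in roles.EnumerateArray())
                {
                    var value = role.GetString();
                    if (!string.IsNullOrEmpty(value))
                    {
                        identity.AddClaim(new Claim(RealmRoleClaimType, value));
                    }
                }
            }
        }

        // resource_access: { "<client>": { "roles": [ ... ] } }
        //   -> one "client_role" claim per role, prefixed with the client id,
        //      e.g. "account:view-profile", so roles from different clients cannot collide.
        var resourceAccess = identity.FindFirst("resource_access")?.Value;
        if (!string.IsNullOrEmpty(resourceAccess))
        {
            using var doc = JsonDocument.Parse(resourceAccess);
            foreach (var client in doc.RootElement.EnumerateObject())
            {
                if (client.Value.TryGetProperty("roles", out var roles)
                    && roles.ValueKind == JsonValueKind.Array)
                {
                    foreach (var role in roles.EnumerateArray())
                    {
                        var value = role.GetString();
                        if (!string.IsNullOrEmpty(value))
                        {
                            identity.AddClaim(new Claim(ClientRoleClaimType, $"{client.Name}:{value}"));
                        }
                    }
                }
            }
        }
    }
}
```

With the token shown above, the principal ends up with `realm_role` claims for `offline_access`, `default-roles-microcommerce`, `uma_authorization` and `customer`, and `client_role` claims such as `account:view-profile`. A route in ocelot.json can then require `"RouteClaimsRequirement": { "realm_role": "customer" }` together with `"AuthenticationOptions": { "AuthenticationProviderKey": "KeycloakBearer" }`. Two points worth checking in practice: the exact matching semantics of `RouteClaimsRequirement` depend on the Ocelot version in use, so confirm the behaviour with a token that carries several roles of the same type; and `"aud": "account"` is the generic Keycloak account client, so a dedicated audience mapper for the gateway in Keycloak gives a stricter audience check than the one shown here. Flattening at the gateway does not remove the need for the downstream services to check roles on the same token themselves.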