ThreeMammals / Ocelot

.NET API Gateway

Home Page: https://www.nuget.org/packages/Ocelot


How to Authorize with nested JWT claim generated from Keycloak

berkslv opened this issue · comments

I use Keycloak as identity and JWT token provider. I am successfully using JWT tokens generated from Keycloak for Authentication but when it comes to Authorization, Keycloak's JWT token structure cannot be used in Ocelot's RouteClaimsRequirement field in ocelot.json because Keycloak's JWT structure is similar to the following and contains many nested attributes. How can I use these nested claims? Is there a feature for this or do I need to develop a custom middleware?

{
  "exp": 1706600524,
  "iat": 1706600224,
  "auth_time": 1706597784,
  "jti": "4057d8a1-457c-4c48-a877-4d6311cb7437",
  "iss": "http://localhost:5050/identity/realms/microcommerce",
  "aud": "account",
  "sub": "18957315-668b-4bfb-8d57-e67265553029",
  "typ": "Bearer",
  "azp": "postman",
  "session_state": "736a2ddc-7092-4c18-9d36-be2b38d02f94",
  "acr": "0",
  "allowed-origins": [
    "https://oauth.pstmn.io"
  ],
  "realm_access": {
    "roles": [
      "offline_access",
      "default-roles-microcommerce",
      "uma_authorization",
      "customer"
    ]
  },
  "resource_access": {
    "account": {
      "roles": [
        "manage-account",
        "manage-account-links",
        "view-profile"
      ]
    }
  },
  "scope": "openid email profile",
  "sid": "736a2ddc-7092-4c18-9d36-be2b38d02f94",
  "email_verified": false,
  "name": "Berk Selvi",
  "preferred_username": "berkslv",
  "given_name": "Berk",
  "family_name": "Selvi",
  "email": "example@gmail.com"
}
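One way to make these nested roles usable by Ocelot, as an added example that is not part of the issue or of the Ocelot project: Ocelot's RouteClaimsRequirement matches flat claim types, while the ASP.NET Core JWT bearer handler turns the nested `realm_access` and `resource_access` objects into single claims whose value is the JSON text. An `IClaimsTransformation` registered in the gateway can parse those values after the token signature has been validated and add flat `role` claims. The claim type names `role` and `keycloak_roles_flattened`, the `client:role` value format, and the class name are choices made for this example, not names from Ocelot or Keycloak.

```csharp
// Added example, not code from the issue author or from the Ocelot project.
// Assumes: ASP.NET Core 6+ hosting Ocelot, Microsoft.AspNetCore.Authentication.JwtBearer
// registered for the Keycloak realm, and the bearer handler keeping nested JSON claims
// ("realm_access", "resource_access") as single claims whose value is the JSON text.
// With this transformation a route can use, in ocelot.json:
//   "RouteClaimsRequirement": { "role": "customer" }               (realm role)
//   "RouteClaimsRequirement": { "role": "account:view-profile" }   (client role)
using System.Collections.Generic;
using System.Security.Claims;
using System.Text.Json;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;

public sealed class KeycloakRoleClaimsTransformation : IClaimsTransformation
{
    // Flat claim type that ocelot.json refers to (name chosen for this example).
    public const string FlatRoleClaimType = "role";
    // Marker claim that makes the transformation idempotent; ASP.NET Core may run it
    // more than once per request and we must not duplicate role claims.
    private const string MarkerClaimType = "keycloak_roles_flattened";

    public Task<ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal)
    {
        if (principal.Identity is not ClaimsIdentity identity || !identity.IsAuthenticated)
            return Task.FromResult(principal);
        if (identity.HasClaim(c => c.Type == MarkerClaimType))
            return Task.FromResult(principal);

        // realm_access: {"roles":["offline_access", ..., "customer"]}
        var realmAccess = identity.FindFirst("realm_access")?.Value;
        if (realmAccess is not null)
        {
            foreach (var role in ReadRoles(realmAccess))
                identity.AddClaim(new Claim(FlatRoleClaimType, role));
        }

        // resource_access: {"account":{"roles":["manage-account", ...]}}
        // Client roles are prefixed with the client id so "view-profile" granted on
        // one client cannot satisfy a requirement meant for another.
        var resourceAccess = identity.FindFirst("resource_access")?.Value;
        if (resourceAccess is not null)
        {
            foreach (var (client, role) in ReadClientRoles(resourceAccess))
                identity.AddClaim(new Claim(FlatRoleClaimType, $"{client}:{role}"));
        }

        identity.AddClaim(new Claim(MarkerClaimType, "true"));
        return Task.FromResult(principal);
    }

    // Parses {"roles":[...]} and returns its string entries. Malformed or unexpected
    // input yields no roles, so the transformation fails closed: the route's
    // requirement is simply not met and Ocelot returns 403.
    private static IEnumerable<string> ReadRoles(string json)
    {
        var result = new List<string>();
        try
        {
            using var doc = JsonDocument.Parse(json);
            if (doc.RootElement.ValueKind == JsonValueKind.Object
                && doc.RootElement.TryGetProperty("roles", out var roles)
                && roles.ValueKind == JsonValueKind.Array)
            {
                foreach (var r in roles.EnumerateArray())
                    if (r.ValueKind == JsonValueKind.String)
                        result.Add(r.GetString()!);
            }
        }
        catch (JsonException) { }
        return result;
    }

    // Parses {"<client>":{"roles":[...]}, ...} into (client, role) pairs.
    private static IEnumerable<(string Client, string Role)> ReadClientRoles(string json)
    {
        var result = new List<(string, string)>();
        try
        {
            using var doc = JsonDocument.Parse(json);
            if (doc.RootElement.ValueKind != JsonValueKind.Object) return result;
            foreach (var client in doc.RootElement.EnumerateObject())
                foreach (var role in ReadRoles(client.Value.GetRawText()))
                    result.Add((client.Name, role));
        }
        catch (JsonException) { }
        return result;
    }
}

// Registration in Program.cs. Ocelot's authentication step calls ASP.NET Core's
// IAuthenticationService, which applies every registered IClaimsTransformation
// after the bearer handler has validated the token:
//   builder.Services.AddTransient<IClaimsTransformation, KeycloakRoleClaimsTransformation>();
```

Because the transformation runs only on an identity the bearer handler already authenticated, the flattened roles inherit the token's signature and lifetime checks; nothing is trusted from the raw JSON beyond what Keycloak signed. If the token layout is under your control, the same result can be had without gateway code by configuring a Keycloak protocol mapper that emits the realm roles under a flat claim name, and pointing RouteClaimsRequirement at that claim.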