You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hans Zandbelt edited this page Mar 3, 2023
·
4 revisions
Authorization
Authorization based on claims provided in the access token (JWT or introspection result) can be done using regular Apache Require directives. Directives can be surrounded by <RequireAll> or (default) <RequireAny> directives to create complex authorization logic.
Exact String Matching
Examples using exact string matching (separator :):
Require oauth2_claim sub:joe
When the claim referred to by the provided key is an array, the array values will be looped over to find a match.
Regular Expression Matching
Example using regular expression matching (separator ~), e.g. to search for value "two" inside a comma/space separated string "one, two, three, four, five":
Require oauth2_claim scope~(^|\s)two($|\s|,)
When the claim referred to by the provided key is an array, the array values will be looped over to find a match.