Note that all DataWeave expressions must return a boolean value or they will always fail. The policy provides a claimSet variable that contains all the claims present in the incoming JWT. The JWT will be valid only if all DataWeave expressions are fulfilled.
This happens in several situations, such as when using the API to add a patient prior to sending charges, or even for a new patient being added for scheduling. You can set this claim as "Mandatory" by selecting Not Before Claim MandatoryĮnables the usage of custom validations in the policy. There are times when an API user wants to add insurance for a patient or to manipulate the insurance that a patient has. Indicates that the policy should check for the validity of the Not Before claim. You can set this claim as "Mandatory" by selecting Expiration Claim Mandatory. Indicates that the policy should check for the validity of the expiration claim. You can set this "Mandatory" if you select Audience Claim Mandatory. Indicates that the policy should check for the validity of the audience claim. If Skip Client Id Validation is not set, the client ID needs to be extracted from the token.īy default, the value will be extracted using the expression # as specified in the Oauth 2.0 token exchange draft. If you check this field, the policy does not verify that the client ID extracted from the JWT matches a valid client application of the API. Sets the maximum time, in milliseconds, to wait for a response when authenticating the access token validation endpoint. JWKS Service connection timeout (milliseconds) This field input is the amount of time, in minutes, during which the policy considers the JWKS valid. The URL to the JWKS server that contains the public keys for the signature validation. This field appears if you selected the JWKS method as JWT Key Origin. Use this field to provide the key used to check the signature of the token.Ī 32, 48 or 64 characters long shared secret in case HMAC was the selected JWT Signing Method or the PEM Public Key without the header nor the footer in case of selecting RSA. This field appears if you selected Text as JWT Key Origin. You can provide the key in the policy by selecting the Text option or by obtaining it from a JWKS. Specifies where to obtain the key for the Signature validation. Ignore this field if you selected none as JWT Signing Method. Specify the length of the key (in the case of the HMAC algorithm) or the algorithm (in the case of RSA) used for the signing method. The policy rejects the token if the JWT has a different signing method. Specify the signing method expected in the incoming JWT. This expression searches the JWT in the header named jwt. If you set the JWT Origin to Custom Expression, type the DataWeave expression returning the JWT here. If you set this field to Custom Expression, provide a DataWeave expression that returns the token. If you set this field to HTTP Bearer Authentication Header, the JWT is expected as Bearer.
Specifies from where in the request the JWT will be extracted: For Mule applications, the following parameters are displayed based on whether your environment inlcudes Mule applications: Element