Hans Zandbelt edited this page Mar 3, 2023 · 4 revisions

Authorization

Authorization based on claims provided in the access token (JWT or introspection result) can be done using regular Apache Require directives. Directives can be surrounded by <RequireAll> or (default) <RequireAny> directives to create complex authorization logic.

Exact String Matching

Example using exact string matching (separator :):

Require oauth2_claim sub:joe

When the claim referred to by the provided key is an array, the array values will be looped over to find a match.

Regular Expression Matching

Example using regular expression matching (separator ~), e.g. to search for value "two" inside a comma/space separated string "one, two, three, four, five":

Require oauth2_claim scope~(^|\s)two($|\s|,)

When the claim referred to by the provided key is an array, the array values will be looped over to find a match.
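To check a claim pattern against sample values before deploying it, the following added example (not part of mod_oauth2 or of this wiki page) models the two matching modes in Python. It assumes the regular expression is applied as an unanchored search and that non-string array members never match; the function names, the loose comparison pattern and the sample claims are constructed for illustration.

```python
import re

# Regex from the page, plus an unanchored variant constructed for comparison.
PAGE_PATTERN = r"(^|\s)two($|\s|,)"
LOOSE_PATTERN = r"two"

def _values(claims, key):
    """Return the claim as a list of strings; arrays are looped over."""
    value = claims.get(key)
    items = value if isinstance(value, list) else [value]
    # Assumption: non-string members never match.
    return [v for v in items if isinstance(v, str)]

def require_exact(claims, key, expected):
    """Model of 'Require oauth2_claim key:expected'."""
    return any(v == expected for v in _values(claims, key))

def require_regex(claims, key, pattern):
    """Model of 'Require oauth2_claim key~pattern' (assumed unanchored search)."""
    return any(re.search(pattern, v) for v in _values(claims, key))

# Constructed scope values covering grants, near-misses and array claims.
SAMPLES = [
    "one, two, three, four, five",  # the page's example string
    "two",
    "one two three",
    "twofold",                      # different scope sharing a prefix
    "one, twenty-two",              # different scope sharing a suffix
    "one,two,three",                # comma without a space before "two"
    ["one", "two"],                 # array claim, one exact member
    ["twofold", "three"],           # array claim, no exact member
]

def audit(pattern):
    """Return the grant/deny decision for every sample scope claim."""
    return [require_regex({"scope": s}, "scope", pattern) for s in SAMPLES]

if __name__ == "__main__":
    rows = zip(SAMPLES, audit(PAGE_PATTERN), audit(LOOSE_PATTERN))
    for sample, strict, loose in rows:
        print(f"{sample!r:40} page={strict} loose={loose}")
    print(require_exact({"sub": "joe"}, "sub", "joe"),
          require_exact({"sub": "joey"}, "sub", "joe"))
```

The page's pattern rejects "twofold" and "twenty-two", which a bare "two" would accept, and it also rejects "one,two,three" because the character before "two" must be whitespace or the start of the string.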
