Azure APIM policy
package rules

import future.keywords.if

# Fallback decision; the `allow` rule below overrides it whenever no
# `deny` rule evaluates to true.
default allow := false

# Permit the request unless some deny rule fires.
allow if not deny

# A feedback POST is refused when it is not accompanied by a valid JWT.
# Only requests whose fourth path segment (index 3) is exactly "feedback"
# are gated here; any other method/path combination falls through to
# `allow` above.
deny if {
    input.request.method == "POST"
    input.request.parsed_path[3] == "feedback"
    not claims
}

# The verified JWT payload. Undefined when there is no bearer token, when
# the signature does not verify, or when the constraints in the second
# argument are not met (decode_verify also applies exp/nbf checks against
# the current time unless a `time` constraint is supplied).
# NOTE(review): io.jwt.decode_verify expects a constraints *object* as its
# second argument (e.g. {"secret": ..., "iss": ..., "aud": ...}); this
# rule only works if `data.secret` is already such an object — confirm
# against the data document. Pinning `iss`/`aud` in that object keeps an
# HMAC-signed token issued for a different audience from being accepted.
claims := verified_payload if {
    [is_valid, _, verified_payload] := io.jwt.decode_verify(bearer_token, data.secret)
    is_valid
}

# The raw JWT from "Authorization: Bearer <token>". Undefined when the
# header is absent or does not carry the (case-sensitive) "Bearer " prefix.
bearer_token := token if {
    auth_header := input.request.headers.authorization
    startswith(auth_header, "Bearer ")
    token := trim_prefix(auth_header, "Bearer ")
}