Tags: oauth-2.0, azure-api-management, apim

APIM Policy to check that token has specific role


I'm using the validate-jwt policy in APIM. As a part of the verification, I want to confirm that the token has a specific role set. If I decode the token, the role appears as an array:

...
"roles": [
  "Api.Call"
],
...

How do I write this check? I've seen that you can use this syntax:

<required-claims>
   <claim name="scope" match="all" separator=",">
        <value>api1.write</value>
   </claim>
</required-claims>

But this is not a string with a specific separator, so that doesn't seem right.


Solution

  • You can use this:

    <required-claims>
        <claim name="roles" match="any">
            <value>Api.Call</value>
        </claim>
    </required-claims>
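For context, here is a complete inbound policy that places the roles check from the answer above inside a full validate-jwt policy. This is an added example, not taken from the question or the answer, and the tenant ID, audience and issuer values are placeholders you would replace with your own. The point it illustrates: because "roles" arrives as a JSON array, the separator attribute is unnecessary (it only splits a single string claim into several values), and match="any" accepts the token if at least one of the listed values appears in the array; use match="all" when every listed value must be present. The audience and issuer checks are kept alongside the role check so that a token minted for a different application or tenant is rejected even if it happens to carry an "Api.Call" role.

```xml
<inbound>
    <base />
    <!-- Added example (not from the original question or answer); tenant,
         audience and issuer values below are placeholders. -->
    <validate-jwt header-name="Authorization"
                  failed-validation-httpcode="401"
                  failed-validation-error-message="Unauthorized: token missing, invalid, or lacking the required role."
                  require-scheme="Bearer"
                  require-expiration-time="true"
                  require-signed-tokens="true">
        <!-- Signing keys and issuer metadata are fetched from the tenant's discovery document. -->
        <openid-config url="https://login.microsoftonline.com/{tenant-id-placeholder}/v2.0/.well-known/openid-configuration" />
        <!-- Reject tokens issued for some other API, regardless of their roles. -->
        <audiences>
            <audience>api://{api-app-id-placeholder}</audience>
        </audiences>
        <issuers>
            <issuer>https://login.microsoftonline.com/{tenant-id-placeholder}/v2.0</issuer>
        </issuers>
        <required-claims>
            <!-- "roles" is an array claim, so no separator attribute is needed;
                 match="any" passes when at least one listed value is in the array. -->
            <claim name="roles" match="any">
                <value>Api.Call</value>
            </claim>
        </required-claims>
    </validate-jwt>
</inbound>
```

A token that passes signature, expiry, audience and issuer validation but whose "roles" array does not contain "Api.Call" is rejected with the 401 response configured above, which is the behaviour the question asks for.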