POC - Rate Limiting based on a claim

[shaun-nx]

Questions to answer, and things to consider, during this POC:

• 1. Should nested claims be supported initially?
• 2. What $jwt_ variables are required to expose this behaviour?
  • Discussion 4417 contains details that might help
• 3. Can NGINX handles nested claims natively?
• 4. Draft of the Policy interface
• 5. Determine if TMA is required

Example code for processing nested claims:

function tokenClaimMatch(val, exp) {
    let arrayMatch = false;
    // Array claims are passed through via auth_jwt_set as strings
    // e.g. from [ "a", "b" ] to "a,b"
    if (val && val.includes(",")) {
        arrayMatch = val.split(",")
                        .map(v => v.trim())
                        .includes(exp);
    }
    return arrayMatch || val === exp;
}

Notes:

• Look to Aha for additional details
• This POC can ignore state sharing

[github-actions]

Hi @shaun-nx thanks for reporting!

Be sure to check out the docs and the Contributing Guidelines while you wait for a human to take a look at this 🙂

Cheers!