Date: 2024-01-04

Note: To use claims inside a JSON Web Token (JWT), you must first set up a token validation configuration in API Shield.

This example configures additional protection for requests with a JSON Web Token (JWT) with a user claim of admin, based on the request’s attack score.

Create a custom rule that issues a Managed Challenge if the user claim in a JWT is admin and the attack score is below 40.

Expression: (lookup_json_string(http.request.jwt.claims["<TOKEN_CONFIGURATION_ID>"][0], "user") eq "admin" and cf.waf.score < 40)

Action: Managed Challenge
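
To check which requests the rule above would challenge before deploying it, the following added example (not part of the original page or of Cloudflare's code) models the expression locally. It assumes the claims field is a list of JSON strings and that a missing or non-string user claim does not match; the helper functions and sample requests are constructed for illustration.

```python
import json

SCORE_THRESHOLD = 40  # from the rule: cf.waf.score < 40


def lookup_json_string(doc, key):
    """Simplified local stand-in: string value at a top-level key, else None."""
    try:
        value = json.loads(doc).get(key)
    except (ValueError, AttributeError):
        return None  # not JSON, or not a JSON object
    return value if isinstance(value, str) else None


def rule_matches(jwt_claims, waf_score):
    """jwt_claims models http.request.jwt.claims["<TOKEN_CONFIGURATION_ID>"]
    as a list of JSON strings (assumed shape); element [0] is inspected."""
    if not jwt_claims:
        return False  # no validated token for this configuration
    user = lookup_json_string(jwt_claims[0], "user")
    return user == "admin" and waf_score < SCORE_THRESHOLD


def action_for(jwt_claims, waf_score):
    """Return the rule action, or "no_match" when the expression is false."""
    return "managed_challenge" if rule_matches(jwt_claims, waf_score) else "no_match"


# Constructed sample requests: (label, claims, attack score).
SAMPLES = [
    ("admin, low score", ['{"user": "admin"}'], 12),
    ("admin, score at threshold", ['{"user": "admin"}'], 40),
    ("admin, high score", ['{"user": "admin"}'], 85),
    ("non-admin, low score", ['{"user": "alice"}'], 12),
    ("no JWT claims", [], 12),
    ("user claim is not a string", ['{"user": ["admin"]}'], 12),
]

if __name__ == "__main__":
    for label, claims, score in SAMPLES:
        print(f"{label:28} score={score:<3} -> {action_for(claims, score)}")
```

A score of exactly 40 is not challenged because the comparison is strict; use `<=` in the expression if the boundary should be included.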