Issue with Generate JWT policy?

For the GenerateJWT policy, I want to put a JSON array into a custom claim. However, the policy escapes the quotes and turns the array into a string. Am I misunderstanding this or is there a bug?

Here’s the sample I’ve hardcoded. Same thing happens when using a variable and the ref attribute.

<AdditionalClaims>
  <Claim name="roles">["admin.readprofiles", "admin.writeprofiles"]</Claim>
</AdditionalClaims>

Here’s the resulting JWT (some fields omitted for brevity):

{
  "roles": "[\"admin.readprofiles\", \"admin.writeprofiles\"]",
  "exp": 1645943476,
  "iat": 1645942576,
}

This JSON should not be: "roles": "[\"admin.readprofiles\", \"admin.writeprofiles\"]"

It should be: "roles": ["admin.readprofiles", "admin.writeprofiles"]

Am I misunderstanding this or is this a bug?

Try this?

<AdditionalClaims>
  <Claim type='string' array="true" name='roles'>admin.read,admin.write</Claim>
</AdditionalClaims>

Thanks Dino!! Accepted the solution! @dchiesa1

I ended up sending in a variable with the same values. It worked! How many years have you been helping me out now??? I lost track! :rofl:

For future reference, and in case anyone needs a snippet, here’s how to convert an inbound JSON string and prep it for the ref attribute in the Generate JWT policy:

// Grab the inbound JSON and convert it to a JavaScript object
var inboundObject = JSON.parse(context.getVariable("inboundJSON"));

// Convert the roles array to a comma-delimited string to be used by the JWT policy
context.setVariable("roles", inboundObject.roles.join(', '));

Now it can be used by Dino’s example above:

<AdditionalClaims>
  <Claim type='string' array="true" name='roles' ref="roles"/>
</AdditionalClaims>

Glad to help, Robert!
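
An added example (not code from the thread or from Apigee): a Node.js check that a consumer of the token can run on the decoded payload to confirm `roles` is a real JSON array, since a naive `indexOf` test also passes on the string-encoded form from the question by substring match. The function names and sample tokens are constructed for illustration, and signature verification is assumed to have happened first.

```javascript
// Added example, not from the thread. Sample tokens are constructed and carry a
// placeholder signature; verify the real signature before trusting any claim.
function b64url(obj) {
  return Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}
function sampleToken(payload) {
  return b64url({ alg: 'RS256', typ: 'JWT' }) + '.' + b64url(payload) + '.sig-placeholder';
}

// Decode the payload (second segment) of a compact JWT.
function decodePayload(jwt) {
  var parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('expected three dot-separated segments');
  var b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Naive check: indexOf exists on strings as well as arrays, so a string-encoded
// claim is searched by substring and the type problem goes unnoticed.
function naiveHasRole(payload, role) {
  return payload.roles.indexOf(role) !== -1;
}

// Strict check: the claim must be an array of non-empty strings with no
// surrounding whitespace, so that role comparison is an exact match.
function strictRoles(payload) {
  var roles = payload.roles;
  if (!Array.isArray(roles)) {
    throw new TypeError('roles claim is a ' + typeof roles + ', expected an array');
  }
  roles.forEach(function (r) {
    if (typeof r !== 'string' || r === '' || r !== r.trim()) {
      throw new TypeError('invalid role entry: ' + JSON.stringify(r));
    }
  });
  return roles;
}
function strictHasRole(payload, role) {
  return strictRoles(payload).indexOf(role) !== -1;
}

// Constructed payloads using the claim values shown in the thread.
var stringClaim = decodePayload(sampleToken({
  roles: '["admin.readprofiles", "admin.writeprofiles"]', exp: 1645943476, iat: 1645942576 }));
var arrayClaim = decodePayload(sampleToken({
  roles: ['admin.readprofiles', 'admin.writeprofiles'], exp: 1645943476, iat: 1645942576 }));
```

With the string-encoded claim, `naiveHasRole(stringClaim, 'admin')` is true even though no `admin` role was issued, while `strictHasRole` rejects that payload outright.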