Does Tyk support multiple policies for external JWT token?

Hi,
I set up 2 APIs with Authentication Mode “JWT” and 2 policies for the APIs.
I generated a JWT token with jwt.io with two policies in the payload and the identity source as “user_name”.

On the first request to an API, I saw the response and looked up the key; only 1 policy is listed under “Apply policies”. My expectation is that two policies are listed there so I can use that JWT token to send requests to the other API, just like a hashed key generated with Tyk Management.

So does Tyk currently support multiple policies for an external JWT token?

Thanks

Hi,

There is a workaround to make this work for you:

You want to create multiple JWT tokens to be used with different APIs which have different policies. However, since for each sub we can have only 1 internal token, it is not possible.

To overcome this issue, we can offer to modify the JWT sub field to include both the user id and the policy id by appending one to the other: “-<pol_id>”. The policy ID will still be specified inside the JWT token as before, but because of the modification to sub, Tyk will create multiple separate internal tokens for each combination, as each internal keyID is orgid+MD5(sub).
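
The workaround in the answer above, as an added example that is not part of the original posts or Tyk's own code: it mints one HS256 token per policy and derives the internal key ID as orgid+MD5(sub), showing why each combination gets its own key. The `pol` claim name, the `<user_id>-<pol_id>` layout of sub, the hex encoding of the MD5 digest, and the org ID and secret are assumptions or constructed values.

```python
import base64
import hashlib
import hmac
import json

ORG_ID = "example-org-id"            # constructed placeholder org ID
SECRET = b"constructed-demo-secret"  # constructed HS256 shared secret
POLICY_CLAIM = "pol"                 # assumption: policy field name set on the API


def b64url(data: bytes) -> str:
    """Base64url without padding, as used in JWT segments."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def internal_key_id(org_id: str, sub: str) -> str:
    """Internal key ID as described in the thread: orgid + MD5(sub).
    Hex encoding of the digest is an assumption."""
    return org_id + hashlib.md5(sub.encode()).hexdigest()


def mint_jwt(claims: dict, secret: bytes = SECRET) -> str:
    """Build a minimal HS256 JWT with the standard library only."""
    header = {"alg": "HS256", "typ": "JWT"}
    parts = [b64url(json.dumps(p, separators=(",", ":")).encode())
             for p in (header, claims)]
    signing_input = ".".join(parts)
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)


def tokens_per_policy(user_id: str, policy_ids: list, org_id: str = ORG_ID) -> dict:
    """One token per policy, with sub = "<user_id>-<pol_id>" (assumed layout)."""
    out = {}
    for pol in policy_ids:
        sub = f"{user_id}-{pol}"
        out[pol] = {
            "sub": sub,
            "key_id": internal_key_id(org_id, sub),
            "jwt": mint_jwt({"sub": sub, POLICY_CLAIM: pol}),
        }
    return out


if __name__ == "__main__":
    # Unmodified sub: the key ID does not depend on the policy claim at all.
    print("plain sub :", internal_key_id(ORG_ID, "alice"))
    # Modified sub: a distinct key ID per user/policy combination.
    for pol, tok in tokens_per_policy("alice", ["policy-a", "policy-b"]).items():
        print(pol, tok["key_id"], tok["jwt"])
```

Because every key ID is distinct, per-key analytics and quotas are tracked separately for each user and policy pair.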

Thanks, Josh. It works, but I have to maintain multiple JWT tokens for a user, and it is also reflected in the statistic “Traffic Activity by Key”. I hope that this scenario will be supported in the next release.

Please feel free to open a feature request in our issue tracker (GitHub - TykTechnologies/tyk).
