JWT Claims not existing in Tyk_Context while Url Rewriting

I have enabled context vars in the API definition file. I have also tested other tyk_context variables that exist, but token and jwt_claims_* don't.

    "do_not_track": false,
    "enable_context_vars": true

    "url_rewrites": [{
        "path": "example/test",
        "method": "GET",
        "match_pattern": "(.)/(.)",
        "rewrite_to": "?sub=$tyk_context.jwt_claims_pol"
    }]

Response, when testing from that example endpoint:

Hello Test! $tyk_context.jwt_claims_pol

Any help would be appreciated.

Thanks, Kartik

Have you restarted the Tyk process?

Can you share your JWT (raw JSON)?

Are you using OIDC or JWT as the auth method?

Also what version are you running?

Thank you for the quick response. Yes I am on docker and have restarted many times. Yes I will share the raw json, I’ll be back by my laptop in an hour or so. I am using jwt as auth method. Version is 2.3.1 or 2, I’ll double check when I get back to the laptop, I am running the latest image of tyk from docker.


If you can share your api definition too that would be great - then we can replicate easier :slight_smile:


On further investigation this looks like a more serious bug, I’ve raised an issue in our backlog to track it:

Great, here is the API definition and raw JWT JSON:

    "iss": "Trunomi",
    "aud": [
    "jti": "d33bc950-e4f5-11e6-9119-9d4cc2e96baa",
    "pol": "policyid",
    "sub": "enterprise-mock::bobby_1",
    "iat": 1485565514,
    "exp": 1485567314

API Definition for a simple test API:

    {
        "name": "Trunomi Example API",
        "api_id": "14db15b6-e4c7-11e6-bf01-fe55135034f3",
        "org_id": "Trunomi-Dev",
        "definition": {
            "location": "header",
            "key": "x-trunomi-version"
        },
        "use_keyless": false,
        "enable_jwt": true,
        "jwt_source": "Public KEY – I can give it to u privately if needed",
        "jwt_identity_base_field": "sub",
        "jwt_policy_field_name": "pol",
        "jwt_signing_method": "rsa",
        "auth": {
            "auth_header_name": "authorization"
        },
        "version_data": {
            "not_versioned": false,
            "versions": {
                "2016-02-28": {
                    "name": "2016-02-28",
                    "expires": "3000-01-02 15:04",
                    "use_extended_paths": true,
                    "extended_paths": {
                        "ignored": [],
                        "url_rewrites": [{
                            "path": "example/test",
                            "method": "GET",
                            "match_pattern": "(.)/(.)",
                            "rewrite_to": "?sub=$tyk_context.$jwt_claims_pol"
                        }]
                    }
                }
            }
        },
        "proxy": {
            "listen_path": "/example/test",
            "target_url": "http://dev.local.net:3050/test",
            "strip_listen_path": true
        },
        "do_not_track": false,
        "enable_context_vars": true
    }

So then I assume I am hitting this because I am testing with the same JWT. I could just generate multiple for my tests and it would just work? Or is it for the same public key for verification?

Thanks, Kartik

Sorry for the delays in responses, had to run a few errands.

Thanks and appreciate the quick responses, great tech though!

In real use though this would be a major issue for sessions.

Looking at the JWT Middleware code; it looks like it could be pretty straightforward. A couple options:

  1. I could attempt the fix, contribute back and use a custom build locally…
  2. Create a custom JWT Middleware that works around it until it's fixed…


I have submitted a pull request with this fix.

@Martin I am going to fork the Docker project so I can get the fix I pushed until the official Docker image is updated to the release containing the fix.


The docker projects should all be updated with the latest release now :slight_smile: