Skip to main content
Version: v41

identity_provider_custom_attribute

Custom attribute validations enforce that JWT token claims contain expected values. For a JWT token claim to pass custom validation the claim must either have a matching single value or it must have an array of values of which at least one value matches.

field_namestringrequired

Name of JWT token claim

typestringrequired

Type of the custom attribute validation. "string_pattern" compares a claim value to a glob pattern. "numeric_range" checks that the claim value is within an expected numeric range. "ip_range" checks that claim value is an IP address within an IP range. "ip_client" check that claim value matches the IP address from which the token login REST API request is made.

Possible values: [string_pattern, numeric_range, ip_range, ip_client]

expected_valuestring

Expected claim value as glob pattern when type is "string_pattern"

startstring

Start value. If type is numeric_range then start must be an integer or a float value in string format. If type is ip_range then start must be a valid IPv4 or IPv6 address.

endstring

End value. If type is numeric_range then the type of the value must match start and the value must not be smaller than start. If type is ip_range then the IP version must match start and the value must not be smaller than start.

identity_provider_custom_attribute
{
  "field_name": "string",
  "type": "string_pattern",
  "expected_value": "string",
  "start": "string",
  "end": "string"
}