diff --git a/modules/distribution/resources/operation_policies/definitions/jwtClaimBasedAccessValidator_v1.j2 b/modules/distribution/resources/operation_policies/definitions/jwtClaimBasedAccessValidator_v1.j2
index b6ceb17e78..aadb3a1a48 100644
--- a/modules/distribution/resources/operation_policies/definitions/jwtClaimBasedAccessValidator_v1.j2
+++ b/modules/distribution/resources/operation_policies/definitions/jwtClaimBasedAccessValidator_v1.j2
@@ -1,4 +1,6 @@
-
-
-
-
+
+
+
+
+
+
diff --git a/modules/distribution/resources/operation_policies/specifications/jwtClaimBasedAccessValidator_v1.json b/modules/distribution/resources/operation_policies/specifications/jwtClaimBasedAccessValidator_v1.json
index fd1e17fda8..f7a82112eb 100644
--- a/modules/distribution/resources/operation_policies/specifications/jwtClaimBasedAccessValidator_v1.json
+++ b/modules/distribution/resources/operation_policies/specifications/jwtClaimBasedAccessValidator_v1.json
@@ -2,7 +2,7 @@
"category": "Mediation",
"name": "jwtClaimBasedAccessValidator",
"version": "v1",
- "displayName": "JWT claim based access grant validator",
+ "displayName": "JWT claim based access validator",
"description": "This policy validates configured claim name and value in this policy with the claim name and value sent in the JWT access token to grant access to the API resource.",
"applicableFlows": [
"request"
@@ -15,38 +15,37 @@
],
"policyAttributes": [
{
- "name": "grantVerificationClaim",
- "displayName": "Access grant claim name",
- "description": "This should be the name the custom claim which is expected in the JWT access token",
+ "name": "accessVerificationClaim",
+ "displayName": "Access verification claim name",
+ "description": "This should be the name the custom claim which is expected in the JWT access token.",
"validationRegex": "^[a-zA-Z_]+$",
"type": "String",
"defaultValue": "aut",
"required": true
},
{
- "name": "grantVerificationClaimValue",
- "displayName": "Access grant claim value",
- "description": "This should be the value of a custom claim which is expected in the JWT access token",
+ "name": "accessVerificationClaimValue",
+ "displayName": "Access verification claim value",
+ "description": "This should be the value of a custom claim which is expected in the JWT access token.",
"type": "String",
"defaultValue": "APPLICATION",
"required": true
},
{
- "name": "shouldAllowValidation",
- "displayName": "Allow claim based access grant validation",
- "description": "If ticked, the claim based access grant validation will be performed.",
- "type": "Boolean",
- "defaultValue": "true",
+ "name": "accessVerificationClaimValueRegex",
+ "displayName": "Access verification claim value regex",
+ "description": "If a regex is provided, the claim values will be matched using this regex. Otherwise they will be checked for equality.",
+ "type": "String",
+ "defaultValue": "",
"required": false
},
{
- "name": "claimBasedAccessGrantValidator",
- "displayName": "JWT claim based access grant validation mediator",
- "description": "Fully qualified class name for the validation implementation",
- "validationRegex": "^([a-zA-Z_$][a-zA-Z\\d_$.]*)$",
- "type": "String",
- "defaultValue": "org.wso2.carbon.apimgt.gateway.mediators.ClaimBasedResourceAccessValidationMediator",
- "required": true
+ "name": "shouldAllowValidation",
+ "displayName": "Allow flow when claims are not matching",
+ "description": "Tick this to allow the flow when the claims are not matching. Keeping this un-ticked will allow the flow only when the claims are matched.",
+ "type": "Boolean",
+ "defaultValue": "false",
+ "required": false
}
]
}
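Review bot: `shouldAllowValidation` keeps its name while its meaning is inverted: before this change `true` (the old default) meant the claim check is performed, and now `true` means the request is allowed when the claims do not match. The specification stays at `"version": "v1"`, so a policy already attached with the old default stored could, after upgrade, pass requests whose claim does not match; whether stored values are migrated is not visible in this diff. I would give the new behaviour its own attribute name, for example `"name": "allowFlowOnClaimMismatch",`, or ship the renamed attributes as a new policy version so existing attachments keep the old semantics. Separately, the description of `accessVerificationClaimValueRegex` should state whether the pattern must match the whole claim value, since a partial match would accept more values than the operator intended. It should also state whether `accessVerificationClaimValue` (still `"required": true`) is ignored once a regex is set.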