To extract specific claims from a JWT token in Azure Logic Apps, you can follow these steps:
1. Validate the JWT Token: First, ensure that the JWT token is valid. You can use API Management to validate the token by applying a Validate JWT policy. This policy checks the token's structure, claims, and signature[1][4].
2. Extract Claims: After validating the token, you can extract specific claims. In API Management, you can use the `Jwt` class to access the claims after validation. For example, you can extract the `Subject` claim, which typically contains the user's ID[7].
3. Use in Logic Apps: To use the extracted claims within Logic Apps, you might need to pass them as inputs or headers to your Logic App. This can be done by setting headers or variables in API Management policies that are then consumed by your Logic App[8].
Here is a simplified example of how you might extract the `Subject` claim in API Management and pass it to a Logic App:
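```xml
<!-- header-name="Authorization" is an assumption; the signing-key source (openid-config or issuer-signing-keys) is not shown -->
<validate-jwt header-name="Authorization" output-token-variable-name="jwt-token">
    <audiences><audience>{{myAudienceGUID}}</audience></audiences>
    <issuers><issuer>{{myIssuer}}</issuer></issuers>
</validate-jwt>
<set-header name="caller-objectid" exists-action="override">
    <value>@(((Jwt)context.Variables["jwt-token"]).Subject)</value>
</set-header>
```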
In this example, the `Subject` claim is extracted and added as a header named `caller-objectid`. This header can then be accessed within your Logic App to identify the caller or apply specific logic based on the user's ID[7].
If you need to directly decode a JWT within a Logic App without using API Management, you might need to use an external service or a custom action, as Logic Apps do not natively support JWT decoding[5]. However, using API Management for validation and extraction is a more secure and integrated approach.
Citations:
[1] https://techcommunity.microsoft.com/blog/azuredevcommunityblog/part-4-secure-your-logic-app-using-api-management-8211-validate-jwt-access-restr/336802
[2] https://auth0.com/docs/secure/tokens/json-web-tokens/json-web-token-claims
[3] https://learn.microsoft.com/en-us/entra/identity-platform/access-token-claims-reference
[4] https://www.criipto.com/blog/jwt-validation-guide
[5] https://stackoverflow.com/questions/54257879/how-to-decode-a-jwt-token-in-azure-logic-app
[6] https://hasura.io/blog/best-practices-of-using-jwt-with-graphql
[7] https://www.mikaelsand.se/2022/06/extracting-values-from-a-jwt-token-in-apim/
[8] https://learn.microsoft.com/en-us/azure/logic-apps/logic-apps-custom-api-authentication