JWT Policies
Our JWT policy system provides a powerful mechanism to limit what a given agent can do. Which devices a support agent can connect to or which sessions they are allowed to view are a few examples.
Sometimes you may want to limit the scope of what a JWT can be used for. For example, you may want to limit which devices a support agent can connect to, or which sessions they are allowed to view. Our JWT policy system provides a powerful mechanism for you to configure these types of rules.
The rules are defined as an extra policy claim in the JWT, described using the following structure:
When a policy claim is specified on a JWT, only the resources allowed by that policy can be accessed, i.e. an empty policy will not allow access to anything.
The policy description allows you to enforce which values must appear on the resources in order for the JWT to be granted access. Only custom_data properties and resource ids are supported in policies at present. See the examples below for how to build your policy.
Example JWT Policies
A policy that limits the JWT to devices only that are associated to a particular user id:
A policy that limits the JWT to sessions only that are associated to a particular user id:
A policy that limits the JWT to devices and sessions that you have added your own custom data to:
A policy that allows full access to sessions, but no access at all to devices:
A policy that allows access to a session with id 12345, but no access at all to devices:
Upgrading from V1 policies
Version 1 of our JWT policies are being deprecated in favour of a more flexible structure, so you will need to update your integration with a simple change. To upgrade your policy you should add a custom_data object around the policy for each resource type, and an explicit version field to the policy.
For example, a version 1 policy used to start sessions with matching devices looked like this:
Would become a version 2 policy that looks like this:
Last updated