Make JWT token valid only for the IP that was used to generate it


Hey everyone,

I’m trying to make it so that any JWT is only valid for the IP address that generated it.

Is there a rule I can create or a way to get the IP included in the JWT?
I want to avoid having to write server-side code that queries the Management API or that keeps track of the sessions.

Thanks!

Hey @dandrei!

I think there might be a way to do it. So if you refer to the context object in Rules:

You can access the context object properties. Using context.request you can then access the ip property. From then on you can set it as a custom claim.

Here’s the doc on custom claims:

I think it should probably do the job!

1 Like
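A sketch of what the reply above describes, as an added example that is not part of the original posts and not Auth0's own code: a Rule that copies `context.request.ip` into a custom claim, plus the comparison the receiving API still has to make for the claim to restrict anything. The function names, the `https://example.com/ip` claim name and the sample addresses are assumptions made for illustration.

```javascript
// Claim name used by the API-side check (placeholder namespace, an assumption).
const IP_CLAIM = 'https://example.com/ip';

// Auth0 Rule: store the IP seen at login as a namespaced custom claim.
// A Rule is a single function, so the claim name is repeated inside it.
function bindIpToToken(user, context, callback) {
  const claim = 'https://example.com/ip';
  const ip = context.request && context.request.ip;
  if (!ip) {
    return callback(new Error('No client IP available for this login'));
  }
  context.accessToken[claim] = ip;
  context.idToken[claim] = ip;
  return callback(null, user, context);
}

// Treat "::ffff:203.0.113.7" and "203.0.113.7" as the same address.
function normalizeIp(ip) {
  const s = String(ip || '').trim().toLowerCase();
  return s.startsWith('::ffff:') && s.includes('.') ? s.slice(7) : s;
}

// API side: call only after the token's signature, issuer, audience and
// expiry have been verified. requestIp must come from the socket or from a
// proxy header the API is configured to trust, never from arbitrary headers.
function ipClaimMatches(verifiedPayload, requestIp) {
  const claimed = verifiedPayload && verifiedPayload[IP_CLAIM];
  if (typeof claimed !== 'string' || claimed === '' || !requestIp) {
    return false; // fail closed when the claim or the request IP is missing
  }
  return normalizeIp(claimed) === normalizeIp(requestIp);
}

// Constructed sample: run the Rule on a fake login context, then check the
// resulting claims against three request addresses.
function demo() {
  const context = { request: { ip: '203.0.113.7' }, accessToken: {}, idToken: {} };
  let claims = null;
  bindIpToToken({}, context, (err, user, ctx) => { claims = ctx.accessToken; });
  return {
    sameIp: ipClaimMatches(claims, '::ffff:203.0.113.7'),
    otherIp: ipClaimMatches(claims, '198.51.100.9'),
    noClaim: ipClaimMatches({}, '203.0.113.7'),
  };
}
```

The Rule only records the address; the token is rejected from another IP only if every API that accepts it performs the comparison. Clients whose address changes between login and use (mobile networks, some proxies) will fail the check.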
