We are using a light-4j proxy service with openapi3 and one of the api methods require more than one scope. Using enableVerifyScope of the jwt, we are getting success if one of the jwtScopes matches any of the specsScopes. Is there a way that we can verify all the required scopes and not only one. Thanks!
You have a very unique use case. Normally you can define several scopes for your endpoint and the scope verification will ensure that the incoming JWT has at least one matched scope to proceed. It looks like you want to ensure that the JWT contains all the scopes in order to grant access to the endpoint. This is not the standard implementation; however, it is very easy to customized the https://github.com/networknt/light-rest-4j/blob/master/openapi-security/src/main/java/com/networknt/openapi/JwtVerifyHandler.java and replace the built in handler in handler.yml file. In light-4j, all middleware handlers can be plugin and so many customers have there own customized handlers especially handlers within business domain. Let me know if you have question on how to inject your handlers to your applications.