Claims
Cloud Agnostic
Open Source
Validates tenant membership by reading a claim from the authenticated user’s token. Supports both single-value and array claims. If the claim value matches the requested tenant ID, the subscription is allowed. No additional network calls are required, making this the fastest option.
Source code: Notiway.Plugins.Portable.TenantValidation.Claims
Compatibility
| Compatible with | All Buffer, Broker, Storage, and Host plugins. Requires token-based auth (e.g., JWT) |
| Product | Notiway Notify |
Installation
Environment Variables
Required
| Variable | Description |
|---|---|
Infra__Plugins__TenantValidation__Name | Set to Claims |
Infra__Plugins__TenantValidation__Version | Plugin version (e.g., 0.9.0) |
Optional
| Variable | Default | Description |
|---|---|---|
Infra__Plugins__TenantValidation__Settings__ClaimType | tenant_id | The name of the JWT claim containing the tenant ID |
Infrastructure
No infrastructure setup required. Your identity provider must include the configured claim in the JWT token.
Docker Compose
docker-compose.yml
services:
notiway:
image: notiway/notify:portable-0.6.0
ports:
- "5000:8080"
environment:
- Infra__Plugins__TenantValidation__Name=Claims
- Infra__Plugins__TenantValidation__Version=0.9.0
- Infra__Plugins__TenantValidation__Settings__ClaimType=tenant_idUsage
Ensure your identity provider includes the tenant claim in the JWT token. Both single-value and array claims are supported.
Single tenant — the user can subscribe to the acme-corp tenant audience:
{
"sub": "user-123",
"tenant_id": "acme-corp",
"iss": "https://auth.example.com",
"aud": "notiway-notify"
}Multiple tenants — the user can subscribe to both acme-corp and other-corp tenant audiences:
{
"sub": "user-123",
"tenant_id": ["acme-corp", "other-corp"],
"iss": "https://auth.example.com",
"aud": "notiway-notify"
}