score:2

Accepted answer

this is pretty much exactly what .transform is for. you extract the token with jsonpath, do a transform to get the sub, and then assert that it matches the username.

(i have not tried the actual jwt extract / validation)

.check(jsonpath("$.access_token").transform(jwt => jwt.decode(jwt).getclaim("sub").asstring()).is("${username}")

Related Query

More Query from same tag