Allow empty claim value to mimic behavior of ASP.NET AuthorizationPolicyBuilder.RequireClaim method

src/Ocelot/Authorization/ClaimsAuthorizer.cs

@@ -5,6 +5,8 @@
 
 namespace Ocelot.Authorization
 {
+    /// <summary>Authorizer which is implemented using Claims-based authorization.</summary>
+    /// <remarks>Microsoft Learn: <see href="https://learn.microsoft.com/en-us/aspnet/core/security/authorization/claims">Claims-based authorization in ASP.NET Core</see>.</remarks>
     public class ClaimsAuthorizer : IClaimsAuthorizer
     {
         private readonly IClaimsParser _claimsParser;
@@ -22,8 +24,12 @@ List<PlaceholderNameAndValue> urlPathPlaceholderNameAndValues
         {
             foreach (var required in routeClaimsRequirement)
             {
-                var values = _claimsParser.GetValuesByClaimType(claimsPrincipal.Claims, required.Key);
+                if (string.IsNullOrEmpty(required.Value) || string.IsNullOrWhiteSpace(required.Value))
+                {
+                    continue; // if required value is not specified
+                }
 
+                var values = _claimsParser.GetValuesByClaimType(claimsPrincipal.Claims, required.Key);
                 if (values.IsError)
                 {
                     return new ErrorResponse<bool>(values.Errors);
@@ -66,6 +72,11 @@ List<PlaceholderNameAndValue> urlPathPlaceholderNameAndValues
                     }
                     else
                     {
+                        //// if required value is not specified
+                        //if (string.IsNullOrEmpty(required.Value))
+                        //{
+                        //    continue;
+                        //}
                         // static claim
                         var authorized = values.Data.Contains(required.Value);
                         if (!authorized)