How to extract / decrypt claims from JWT (JSON Web Token) token on Azure API Management (APIM)?

<set-variable name="email" value="@{
        var authHeader = context.Request.Headers.GetValueOrDefault("Authorization", "");
        return authHeader.AsJwt()?.Claims.GetValueOrDefault("upn", ""); }" />