Finally, I found a solution to this.

As of date, it is not possible to match on a "substring" in Istio's AuthorizationPolicy. You can either match with a prefix (e.g "abc*") or suffix ("*abc") but not something in the middle (e.g * abc *).

To solve this, I used an envoyFilter to generate a custom header which only contains the exact header value to match against and then used the same in the AuthorizationPolicy.