The JSON Web Token (JWT) bearer grant is simply a JSON string containing claim values. The JWT Grant Handler at the Authorization Server end evaluates and validates the claims in the JWT token and, if they are valid, issues an access token.

WSO2 API Manager, as an OAuth 2.0 Authorization Server with its Key Manager features, can accept JWT assertions from OAuth 2.0 clients as a means of resource owner authentication and authorization. Additionally, it can exchange the JWT token for an OAuth 2.0 access token in order to access protected resources on behalf of the resource owner.

The Flow



Configuring the JWT grant

...

Code Block: Sample payload
{
   "sub":"admin",
   "aud":[
      "https://localhost:9443/oauth2/token"
   ],
   "nbf":1507546100,
   "iss":"jwtIDP",
   "exp":1507606100,
   "iat":1507546100,
   "jti":"Token56756"
}

The signature is calculated by base64 URL encoding the header and the payload, concatenating the two encoded values with a period as the separator, and signing the result:

Code Block
Signature = sign(encodeBase64(header) + '.' + encodeBase64(payload))

The signature must then be base64 URL encoded as well. The JWT assertion is generated by concatenating the three encoded values with a dot "." as the separator:

Code Block
assertion =  encodeBase64(header) + '.' + encodeBase64(payload) + '.' + encodeBase64(signature)
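The construction above, together with the claim checks a grant handler would apply before issuing an access token, as an added example that is not part of the original page or of WSO2's code. The page leaves the signing algorithm open; HMAC-SHA256 is used here only so the example runs without extra libraries, and the key and `SAMPLE_CLAIMS` are constructed values (the claims copy the sample payload shown above).

```python
import base64, hashlib, hmac, json

def b64url(data: bytes) -> str:
    # base64url without padding, as the JWT compact format requires
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def build_assertion(claims: dict, key: bytes) -> str:
    # assertion = b64url(header) + '.' + b64url(payload) + '.' + b64url(signature)
    # HS256 stands in for the page's unspecified sign(); this is an assumption.
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        b64url(json.dumps(part, separators=(",", ":")).encode()) for part in (header, claims))
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)

def validate_assertion(assertion: str, key: bytes, issuer: str, audience: str, now: int) -> dict:
    """Checks a grant handler applies: structure, alg, signature, iss, aud, exp, nbf, required claims."""
    try:
        header_b64, payload_b64, sig_b64 = assertion.split(".")
    except ValueError:
        raise ValueError("malformed assertion")
    if json.loads(b64url_decode(header_b64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")  # the verifier, not the token, fixes the algorithm
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))
    if claims.get("iss") != issuer:
        raise ValueError("unknown issuer")
    aud = claims.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("audience mismatch")  # token must name this token endpoint
    if now >= claims.get("exp", 0):
        raise ValueError("expired")
    if now < claims.get("nbf", 0):
        raise ValueError("not yet valid")
    for required in ("sub", "iat", "jti"):
        if required not in claims:
            raise ValueError(f"missing {required}")
    return claims

# Constructed sample input: the page's sample payload and a constructed shared key
SAMPLE_CLAIMS = {"sub": "admin", "aud": ["https://localhost:9443/oauth2/token"], "nbf": 1507546100,
                 "iss": "jwtIDP", "exp": 1507606100, "iat": 1507546100, "jti": "Token56756"}
SAMPLE_KEY = b"constructed-example-key"
```

The `jti` is returned with the claims so a handler can record it and reject a replayed assertion.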

...