...

WSO2 API Manager, as an OAuth 2.0 Authorization Server with its Key Manager features, can accept JWT assertions from OAuth 2.0 clients as a means of resource owner authentication and authorization. Additionally, it can exchange the JWT for an OAuth 2.0 access token in order to access protected resources on behalf of the resource owner.

...

  1. Sign in to the WSO2 API Store (https://localhost:9443/store).
  2. Create a new application only if the required application is not already available.
  3. Generate the production and/or sandbox keys for the application.
  4. Sign in to the WSO2 API Manager Management Console (https://localhost:9443/carbon).
  5. Navigate to the Identity Providers section under the Main tab of the management console and click Add.
  6. Provide the following values to configure the IdP:
    • Identity Provider Name: Enter the JWT issuer name as the identity provider name. This is used to generate the JWT assertion.
    • Identity Provider Public Certificate: The certificate used to sign the JWT assertion.

      Info: Identity Provider Public Certificate

      The Identity Provider Public Certificate is the public certificate belonging to the identity provider. You need to upload this certificate so that API Manager can authenticate the signed assertion it receives from the identity provider. This can be any certificate. If the identity provider is another API Manager or Identity Server, this can be a wso2.crt file.

      Follow the steps below to create the identity provider certificate from the wso2carbon.jks file:

      1. Open your command line interface, go to the <APIM_HOME>/repository/resources/security directory, and run the following command to generate the wso2.crt file.

        keytool -export -alias wso2carbon -file wso2.crt -keystore wso2carbon.jks -storepass wso2carbon

        You can find the generated wso2.crt file in the <APIM_HOME>/repository/resources/security directory.

      2. Click Choose File, navigate to the location of the wso2.crt file, select the file and upload it.
        For more information on how public keys work and how to sign these keys using a certification authority, see Using Asymmetric Encryption in the WSO2 Administration Guide.

    • Alias: If the identity provider identifies this token endpoint by an alias (e.g., https://localhost:9443/oauth2/token), enter the name of the alias.
      For more information, see Adding and Configuring an Identity Provider in the WSO2 Identity Server documentation.
  7. In the Main menu, under Identity, click List under Service Providers.
  8. Check that a Service Provider is listed for the application you used to generate the keys in step 3. The Service Provider name has the following format:
    <application owner>_<application name>_<generated key type>
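The identity provider registered above supplies three things the Key Manager relies on when it later receives a JWT bearer assertion: the issuer name it expects in iss, the certificate whose public key the signature is checked against, and the token endpoint alias it expects in aud. The following Python script is an added illustration, not code from the WSO2 documentation or product, of both halves of that contract: a client building an RS256-signed assertion, and the checks a token endpoint must pass before exchanging it for an access token. It uses a stdlib-only demo RSA key pair in place of wso2carbon.jks and the uploaded wso2.crt, and an in-memory idp_registry dictionary in place of the Identity Providers configuration; the identity provider name jwt-idp and the subject alice are constructed values, and the exact checks WSO2's own implementation performs are not shown here.

```python
import base64, hashlib, hmac, json, math, random, secrets, time

def b64url(data):
    # Base64url without padding, as JWT requires
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _is_probable_prime(n, rounds=20):
    # Miller-Rabin test; adequate for a throwaway demo key only
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits):
    while True:
        cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand

def generate_rsa_keypair(bits=1024):
    # Demo key pair standing in for wso2carbon.jks / wso2.crt; returns ((n, e), (n, d))
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        n, phi = p * q, (p - 1) * (q - 1)
        if p != q and n.bit_length() == bits and math.gcd(e, phi) == 1:
            return (n, e), (n, pow(e, -1, phi))

_SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")  # RFC 8017 9.2

def _emsa_pkcs1_v15(message, k):
    # EMSA-PKCS1-v1_5 encoding of SHA-256(message) into k bytes
    t = _SHA256_DIGESTINFO + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def rs256_sign(message, private_key):
    n, d = private_key
    k = (n.bit_length() + 7) // 8
    return pow(int.from_bytes(_emsa_pkcs1_v15(message, k), "big"), d, n).to_bytes(k, "big")

def rs256_verify(message, signature, public_key):
    n, e = public_key
    k = (n.bit_length() + 7) // 8
    if len(signature) != k or int.from_bytes(signature, "big") >= n:
        return False
    recovered = pow(int.from_bytes(signature, "big"), e, n).to_bytes(k, "big")
    return hmac.compare_digest(recovered, _emsa_pkcs1_v15(message, k))

def build_jwt_assertion(issuer, subject, audience, private_key, now=None, lifetime=300):
    # Client side: the RS256-signed assertion sent to the token endpoint
    now = int(time.time()) if now is None else now
    claims = {"iss": issuer, "sub": subject, "aud": audience,
              "iat": now, "exp": now + lifetime, "jti": secrets.token_hex(8)}
    enc = lambda obj: b64url(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = enc({"alg": "RS256", "typ": "JWT"}) + "." + enc(claims)
    return signing_input + "." + b64url(rs256_sign(signing_input.encode(), private_key))

def verify_jwt_assertion(token, idp_registry, now=None):
    # Server side: what must hold before the assertion is exchanged for an access token
    now = int(time.time()) if now is None else now
    try:
        h_b64, c_b64, s_b64 = token.split(".")
        header, claims = json.loads(b64url_decode(h_b64)), json.loads(b64url_decode(c_b64))
        signature = b64url_decode(s_b64)
        if not isinstance(header, dict) or not isinstance(claims, dict):
            raise ValueError
    except ValueError:
        return False, "malformed token"
    if header.get("alg") != "RS256":  # reject "none" and algorithm downgrades
        return False, "unsupported alg"
    issuer = claims.get("iss")  # must match a registered Identity Provider Name
    idp = idp_registry.get(issuer) if isinstance(issuer, str) else None
    if idp is None:
        return False, "unknown issuer"
    if not rs256_verify(f"{h_b64}.{c_b64}".encode(), signature, idp["public_key"]):
        return False, "bad signature"  # key comes from that IdP's uploaded certificate
    aud = claims.get("aud")  # must name this token endpoint's configured alias
    if idp["token_endpoint_alias"] not in (aud if isinstance(aud, list) else [aud]):
        return False, "audience mismatch"
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        return False, "expired"
    return True, "ok"
```

verify_jwt_assertion checks the signature before it looks at audience or expiry, so an assertion from an unregistered issuer or with a tampered payload is rejected before any of its claims are trusted. A production token endpoint would also remember jti values for the assertion lifetime to reject replays; that bookkeeping is omitted here.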

Using the JWT grant

After you have configured the prerequisites required to use the JWT Bearer grant, you can use the following cURL command to retrieve an access token and refresh token using a JWT.

...