This section explains how to receive the authorized user's claims as a JWT along with the token validation response.

...

  1. Open the <IS_HOME>/repository/conf/identity/identity.xml file and set the <Enabled> element (under <OAuth> -> <AuthorizationContextTokenGeneration>) to true, as shown in the code block below.

    <AuthorizationContextTokenGeneration>
        <Enabled>true</Enabled>
        <TokenGeneratorImplClass>org.wso2.carbon.identity.oauth2.authcontext.JWTTokenGenerator</TokenGeneratorImplClass>
        <ClaimsRetrieverImplClass>org.wso2.carbon.identity.oauth2.authcontext.DefaultClaimsRetriever</ClaimsRetrieverImplClass>
        <ConsumerDialectURI>http://wso2.org/claims</ConsumerDialectURI>
        <SignatureAlgorithm>SHA256withRSA</SignatureAlgorithm>
        <AuthorizationContextTTL>15</AuthorizationContextTTL>
    </AuthorizationContextTokenGeneration>
  2. Add the following property under the <OAuth> element so that the JWT token builder is used instead of the default token builder.

    <IdentityOAuthTokenGenerator>org.wso2.carbon.identity.oauth2.token.JWTTokenIssuer</IdentityOAuthTokenGenerator>
    Note

    If you need to use a self-contained access token generator, make sure you change the above values accordingly.

  3. The following configurations are optional and can be configured as needed.

    1. See the Extension Points for OAuth topic for details on using TokenGeneratorImplClass and ClaimsRetrieverImplClass.

    2. ConsumerDialectURI: Defines the URI for the claim dialect under which the user attributes need to be retrieved. 

    3. SignatureAlgorithm: Defines the algorithm to be used in signing the payload that carries user claims. If you want to disable signing of the JWT token, set this element to "NONE". 

      <SignatureAlgorithm>NONE</SignatureAlgorithm>
    4. AuthorizationContextTTL: Defines the expiry time for JWT token in minutes.
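The settings above also fix what the party that receives the JWT with the validation response has to check: the signature algorithm (SHA256withRSA, called RS256 in JOSE terms), the signing key, and a lifetime no longer than AuthorizationContextTTL. The Go program below is an added example, not code from this page or from WSO2 Identity Server. It shows a consumer-side validator that pins the algorithm instead of trusting the token's header (so a token produced with SignatureAlgorithm NONE is refused), verifies the RSA signature over header.payload, and checks exp against the clock and exp-iat against the configured TTL in minutes. The RSA key pair, the e-mail claim value and the MintToken helper are constructed stand-ins for the server's keystore key and its JWTTokenGenerator.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"strings"
	"time"
)

var b64 = base64.RawURLEncoding // JOSE segments are unpadded base64url

// NewTestKey returns a throwaway RSA key standing in for the server's keystore key (constructed).
func NewTestKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

// SampleClaims is a constructed payload: iat and exp spaced by the
// AuthorizationContextTTL (minutes) plus one attribute under the http://wso2.org/claims dialect.
func SampleClaims(iat time.Time, ttlMinutes int64) map[string]interface{} {
	return map[string]interface{}{
		"iat": iat.Unix(),
		"exp": iat.Add(time.Duration(ttlMinutes) * time.Minute).Unix(),
		"http://wso2.org/claims/emailaddress": "alice@example.test",
	}
}

// MintToken plays the issuer for this example (it is not the server's JWTTokenGenerator).
// "RS256" is PKCS#1 v1.5 over SHA-256, i.e. SignatureAlgorithm SHA256withRSA; "none" leaves the signature empty.
func MintToken(priv *rsa.PrivateKey, alg string, claims map[string]interface{}) (string, error) {
	hdr, _ := json.Marshal(map[string]string{"alg": alg})
	pl, _ := json.Marshal(claims) // a map of basic types cannot fail to encode
	input := b64.EncodeToString(hdr) + "." + b64.EncodeToString(pl)
	if alg == "none" {
		return input + ".", nil
	}
	digest := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return input + "." + b64.EncodeToString(sig), nil
}

// decodeSegment base64url-decodes one segment and, when v is non-nil, parses it as JSON into v.
func decodeSegment(seg string, v interface{}) ([]byte, error) {
	raw, err := b64.DecodeString(seg)
	if err != nil || v == nil {
		return raw, err
	}
	return raw, json.Unmarshal(raw, v)
}

// VerifyJWT is the consumer-side check: the algorithm is pinned to the configured
// SHA256withRSA ("RS256") rather than taken from the token, so "none" and substituted
// algorithms are refused; then the signature, exp, and exp-iat against the TTL are checked.
func VerifyJWT(token string, pub *rsa.PublicKey, ttlMinutes int64, now time.Time) (map[string]interface{}, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("not a three-part compact JWS")
	}
	var hdr struct{ Alg string `json:"alg"` }
	if _, err := decodeSegment(parts[0], &hdr); err != nil {
		return nil, err
	}
	if hdr.Alg != "RS256" {
		return nil, errors.New("unexpected alg: " + hdr.Alg)
	}
	sig, err := decodeSegment(parts[2], nil)
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err != nil || rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) != nil {
		return nil, errors.New("signature verification failed")
	}
	var claims map[string]interface{}
	if _, err := decodeSegment(parts[1], &claims); err != nil {
		return nil, err
	}
	exp, okExp := claims["exp"].(float64) // JSON numbers decode as float64
	iat, okIat := claims["iat"].(float64)
	if !okExp || !okIat {
		return nil, errors.New("exp and iat are required")
	}
	if !now.Before(time.Unix(int64(exp), 0)) {
		return nil, errors.New("token expired")
	}
	if int64(exp)-int64(iat) > ttlMinutes*60 {
		return nil, errors.New("lifetime exceeds AuthorizationContextTTL")
	}
	return claims, nil
}
```

In a real deployment VerifyJWT is called with the public key exported from the Identity Server's keystore and the same TTL value as AuthorizationContextTTL; the algorithm check happens before any signature work, which is what keeps an unsigned or re-signed header from steering the validator.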

Note

Instead of configuring the JWT token in the identity.xml file, you can also choose to configure it using the management console while configuring the OAuth application.

  • On the Main tab, click Service Providers -> Add and register a new service provider. 
  • Expand the Inbound Authentication Configuration -> OAuth/OpenID Connect Configuration section, and click Configure.
  • Select JWT as the token issuer.

    Select JWT as the Token Issuer for a new or existing OAuth/OpenID connect consumer application. 

    Calling the OAuth2ValidationService with a valid token

    ...