JWT WSO2


Felipe Pinheiro
Hello,

I am trying to make a change in JWT by adding new information sent in the request (/token).

Is there a way to send a parameter in a custom grant type and add that parameter inside JWT?

I have had this issue for some weeks and I don't know if it is possible to perform that change in the JWT.

Thank you very much.

Cheers,
Felipe Pinheiro
Software Developer

_______________________________________________
Dev mailing list
[hidden email]
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: JWT WSO2

Farasath Ahamed


On Thu, Feb 7, 2019 at 9:56 PM Felipe Pinheiro <[hidden email]> wrote:
> Hello,
>
> I am trying to make a change in JWT by adding new information sent in the request (/token).

So by JWT are you referring to the id_token?

> Is there a way to send a parameter in a custom grant type and add that parameter inside JWT?
>
> I have had this issue for some weeks and I don't know if it is possible to perform that change in the JWT.

If you could explain your use case in detail, devs will be able to guide you on achieving it using a suitable configuration/extension point.



--
Farasath Ahamed
Senior Software Engineer, WSO2 Inc.; http://wso2.com
Mobile: +94777603866
Twitter: @farazath619






Re: JWT WSO2

Felipe Pinheiro
Hello,

I need to add new information in the token, but this information will be sent when calling /token.

For example, I have this return: 


{
  "aud" : "http://org.wso2.apimgt/gateway",
  "sub" : "admin",
  "application" : {
    "id" : 2,
    "name" : "test",
    "tier" : "Unlimited",
    "owner" : "admin"
  },
  "scope" : "default",
  "iss" : "https://localhost:9443/oauth2/token",
  "keytype" : "PRODUCTION",
  "subscribedAPIs" : [ ],
  "consumerKey" : "hF4oTO5N6rm_wuAegX7FZWEudEMa",
  "exp" : 1549483604,
  "iat" : 1549480004801,
  "jti" : "920739ea-f165-4d4c-9ba1-44caacffe741"
}

But I have to add a new value, as in the example below:

{
  "aud" : "http://org.wso2.apimgt/gateway",
  "sub" : "admin",
  "application" : {
    "id" : 2,
    "name" : "test",
    "tier" : "Unlimited",
    "owner" : "admin"
  },
  "scope" : "default",
  "iss" : "https://localhost:9443/oauth2/token",
  "keytype" : "PRODUCTION",
  "subscribedAPIs" : [ ],
  "consumerKey" : "hF4oTO5N6rm_wuAegX7FZWEudEMa",
  "exp" : 1549483604,
  "iat" : 1549480004801,
  "jti" : "920739ea-f165-4d4c-9ba1-44caacffe741",
  "accountid" : "330"
}

So, the accountID information should be sent using the /token resource and added in the token returned.
I don't know if this makes sense.
Thanks,
Felipe Pinheiro
Software Developer



Re: JWT WSO2

Piraveena Paralogarajah
Hi,

You can add new claims into id_token by implementing a supplementary OSGi service [1] in Identity Server. If you want to add claims into ID Token in your own way, rather than changing the existing code base, this service can be used. This service can be plugged in and can be used to inject claims into ID Token.

Initially you have to implement the ClaimProvider service in the identity-inbound-oauth [1] component and then you need to publish your service. Once you publish your service, the org.wso2.carbon.identity.oauth component in identity-inbound-oauth is listening to ClaimProvider services. Once you register your service, it can be found by the Default IDTokenBuilder class [2]. Then your claims will be added to the ID token.

You can refer to this blog [3] for further information on how to add new claims into id_token.


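A sketch of the ClaimProvider approach described in the reply above, added here as an example and not code from the thread or from WSO2. The interface, DTO and package names are assumed to match identity-inbound-oauth in the deployed version and should be checked against it; the `com.example.claims` package, the digits-only format rule and the `entitlement` hook are hypothetical. Because `accountid` arrives from the client on /token, it is validated and tied to the authenticated user before it ends up in a signed token.

```java
package com.example.claims; // hypothetical package name
import java.util.Collections;
import java.util.Map;
import java.util.function.BiPredicate;
import java.util.regex.Pattern;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.authz.OAuthAuthzReqMessageContext;
import org.wso2.carbon.identity.oauth2.dto.OAuth2AccessTokenRespDTO;
import org.wso2.carbon.identity.oauth2.dto.OAuth2AuthorizeRespDTO;
import org.wso2.carbon.identity.oauth2.model.RequestParameter;
import org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext;
import org.wso2.carbon.identity.openidconnect.ClaimProvider;
/** Copies a validated "accountid" /token parameter into the ID token claims. */
public class AccountIdClaimProvider implements ClaimProvider {
    private static final String PARAM = "accountid";
    // Constructed format rule: digits only, bounded length.
    private static final Pattern ACCOUNT_ID = Pattern.compile("[0-9]{1,12}");
    // Hypothetical hook: (user, accountId) -> may this user act for that account?
    private final BiPredicate<String, String> entitlement;
    public AccountIdClaimProvider(BiPredicate<String, String> entitlement) {
        this.entitlement = entitlement;
    }

    @Override
    public Map<String, Object> getAdditionalClaims(OAuthAuthzReqMessageContext ctx,
            OAuth2AuthorizeRespDTO resp) throws IdentityOAuth2Exception {
        return Collections.emptyMap(); // nothing added on the authorization endpoint
    }

    @Override
    public Map<String, Object> getAdditionalClaims(OAuthTokenReqMessageContext ctx,
            OAuth2AccessTokenRespDTO resp) throws IdentityOAuth2Exception {
        RequestParameter[] params = ctx.getOauth2AccessTokenReqDTO().getRequestParameters();
        if (params == null) {
            return Collections.emptyMap();
        }
        for (RequestParameter p : params) {
            if (!PARAM.equals(p.getKey())) {
                continue;
            }
            String[] v = p.getValue();
            // The value is client-supplied: reject repeated or malformed input outright.
            if (v == null || v.length != 1 || !ACCOUNT_ID.matcher(v[0]).matches()) {
                throw new IdentityOAuth2Exception("Invalid accountid parameter");
            }
            // Bind the claim to the authenticated user before it is signed into the token.
            if (!entitlement.test(String.valueOf(ctx.getAuthorizedUser()), v[0])) {
                throw new IdentityOAuth2Exception("accountid not permitted for this user");
            }
            return Collections.<String, Object>singletonMap(PARAM, v[0]);
        }
        return Collections.emptyMap();
    }
}
```

Register an instance as an OSGi service under the ClaimProvider interface, as the reply describes, so that the ID token builder can find it.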

Re: JWT WSO2

Hasanthi Purnima Dissanayake
Hi Felipe Pinheiro,

As far as I understood, your flow is something like this.
  • You are invoking the /token endpoint by passing the scope as openid
  • In the id_token response you need to add a custom claim like accountid.
So you can achieve that requirement by using the following steps.
  • Add a wso2 claim, something like 'http://wso2.org/claims/accountid'
  • Add a custom oidc claim, something like 'accountid'
  • Map the wso2 'accountid' with the 'http://wso2.org/claims/accountid' claim
  • If you are using APIM 2.6.0 or IS 5.7.0 you can add the claim 'accountid' for the scope 'openid'. If it is an older version you need to add the custom claim 'accountid' for the scope 'openid' in the registry. [1]
You can refer to [2], which explains the whole flow.


Thanks,
Hasanthi




--

Hasanthi Dissanayake
Senior Software Engineer | WSO2
E: [hidden email]
M: 0718407133 | http://wso2.com


Re: JWT WSO2

Hasini Witharana-2
In reply to this post by Felipe Pinheiro



--
Hasini Witharana
Undergraduate | Department of Computer Science and Engineering
University of Moratuwa
