You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The requirement is, that if the API call comes with a token issued for Client Credential grant type(Application level), backends should be able to access that information in JWT.
With the new implementation of IS 5.11.0/APIM 4.0.0 this information is not available at building JWT.
AccessTokenInfo class already has a variable to carry this information - "isApplicationToken"
package org.wso2.carbon.apimgt.api.model;
import org.json.simple.JSONObject;
import java.util.Arrays;
import java.util.HashMap;
/**
Details about an Access Token.
*/
public class AccessTokenInfo {
private boolean isTokenValid;
private boolean isApplicationToken;
We are ignoring token-type info from introspecting call in the Key validation(introspect) handler. We need to get information from "aut" field and set it isApplicationToken,
public class IntrospectInfo {
@SerializedName("active")
private boolean active;
@SerializedName("client_id")
private String clientId;
@SerializedName("device_id")
private String deviceId;
@SerializedName("exp")
private long expiry;
@SerializedName("aut")
private long aut;
...
Steps to reproduce:
Affected Product Version:
APIM 4.0.0
Environment details (with versions):
Env (Docker/K8s): Docker
The text was updated successfully, but these errors were encountered:
Description:
We have been passing the following attribute to the backend via JWT in APIM 2.1.0.
"http://wso2.org/claims/usertype", "APPLICATION|APPLICATION_USER"
The requirement is, that if the API call comes with a token issued for Client Credential grant type(Application level), backends should be able to access that information in JWT.
With the new implementation of IS 5.11.0/APIM 4.0.0 this information is not available at building JWT.
AccessTokenInfo class already has a variable to carry this information - "isApplicationToken"
We are ignoring token-type info from introspecting call in the Key validation(introspect) handler. We need to get information from "aut" field and set it isApplicationToken,
Steps to reproduce:
Affected Product Version:
APIM 4.0.0
Environment details (with versions):
The text was updated successfully, but these errors were encountered: