Hi All,

We had a use case on APIM to send the user claims in the JWT header to the backend server.

Currently, the APIM C4 architecture was getting the user claims and generating the JWT from the Key Manager node. In the C5 architecture, we have to get the user claims from the IS or the third-party key manager. I had observed the below two ways of getting user claims into the Gateway from IS.

1. Generate token with OpenID scope.
2. Call userinfo endpoint with above generated token.
3. Call OAuth2TokenValidation Service and get the token.

When considering [2], in order to receive user info we have to set the requested claims in the service provider according to the App. And in the current C4 architecture, we don't mandate sending openid token as a scope.

Are there any other alternative ways to achieve the above task?

Thanks,
Tharindu Dharmarathna
Senior Software Engineer
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware
mobile: +94779109091