Hi Tharindu,

In OIDC there are other standard scopes[1] in addition to 'openid'. These
scopes are there to request specific user claims. I think we can use them
here. So when generating tokens, these scopes should be used as per the
requirement.

[1] http://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims

Thanks,
Bhathiya

On Sat, May 13, 2017 at 12:18 AM, Tharindu Dharmarathna <tharin...@wso2.com>
wrote:

> Hi All,
>
> We had a use case on APIM to send the user claims in the JWT Header to the
> backend server.
>
> Currently, the APIM C4 architecture gets the user claims and generates the
> JWT from the Key Manager node.
>
> As in C5 architecture, we have to get the user claims from the IS or the
> third party key manager.
>
> I had observed below two ways of getting user claims into the Gateway from
> IS.
>
> 1. Generate token with OpenID scope.
> 2. Call userinfo endpoint with above generated token
> 3. Call OAuth2TokenValidation Service and get the token.
>
> When considering [2] in order to receive user info we have to set the
> requested claims in service provider according to the App.
>
> And from Current C4 architecture, we don't mandate to send openid token as
> a scope.
>
> Are there any other alternative ways to achieve the above task?
>
> Thanks
>
> *Tharindu Dharmarathna*
> Senior Software Engineer
> WSO2 Inc.; http://wso2.com
> lean.enterprise.middleware
>
> mobile: *+94779109091*
>



-- 
*Bhathiya Jayasekara*
*Associate Technical Lead,*
*WSO2 inc., http://wso2.com*

*Phone: +94715478185*
*LinkedIn: http://www.linkedin.com/in/bhathiyaj*
*Twitter: https://twitter.com/bhathiyax*
*Blog: http://movingaheadblog.blogspot.com*
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
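
The standard scopes referenced in [1] each map to a fixed set of claims (OpenID Connect Core 1.0, section 5.4). The following is an added example, not part of the thread and not WSO2 code, showing how a gateway could limit the claims it places in the backend JWT to those the granted scopes cover. The function name, the shape of the user record and the sample values are assumptions made for illustration.

```python
# Standard scope -> claim mapping from OpenID Connect Core 1.0, section 5.4.
SCOPE_CLAIMS = {
    "profile": {"name", "family_name", "given_name", "middle_name", "nickname",
                "preferred_username", "profile", "picture", "website", "gender",
                "birthdate", "zoneinfo", "locale", "updated_at"},
    "email": {"email", "email_verified"},
    "address": {"address"},
    "phone": {"phone_number", "phone_number_verified"},
}


def claims_for_scopes(granted_scope, user_attributes):
    """Return only the claims the granted scopes entitle the client to.

    granted_scope   -- space-delimited scope string from the token response
    user_attributes -- every attribute held for the user (hypothetical shape)
    """
    scopes = set(granted_scope.split())
    if "openid" not in scopes:
        # Not an OIDC request: release no identity claims at all.
        return {}
    allowed = {"sub"}  # 'sub' is always returned for an OIDC request
    for scope in scopes:
        # Scopes outside the standard set (e.g. API scopes) map to no claims.
        allowed |= SCOPE_CLAIMS.get(scope, set())
    return {k: v for k, v in user_attributes.items() if k in allowed}


# Constructed sample user record, including an attribute no scope covers.
SAMPLE_USER = {
    "sub": "user-0001",
    "given_name": "Alice",
    "family_name": "Example",
    "email": "alice@example.com",
    "email_verified": True,
    "phone_number": "+1 555 0100",
    "internal_role": "admin",
}

if __name__ == "__main__":
    for scope in ("openid", "openid email", "openid profile phone", "email"):
        print(f"{scope!r:25} -> {sorted(claims_for_scopes(scope, SAMPLE_USER))}")
```

Attributes that no granted scope covers, such as `internal_role` in the sample record, never reach the backend JWT, and a token issued without `openid` yields no user claims at all.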
