Hi Tharindu,

In OIDC there are other standard scopes[1] in addition to 'openid'. These scopes are there to request specific user claims. I think we can use them here. So when generating tokens, these scopes should be used as per the requirement.

[1] http://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims

Thanks,
Bhathiya

On Sat, May 13, 2017 at 12:18 AM, Tharindu Dharmarathna <tharin...@wso2.com> wrote:

> Hi All,
>
> We had a use case on APIM to send the user claims in the JWT Header to the
> backend server.
>
> Currently APIM C4 architecture was Getting the user claims and generate
> JWT from Key manager node.
>
> As in C5 architecture, we have to get the user claims from the IS or the
> third party key manager.
>
> I had observed below two ways of getting user claims into the Gateway from
> IS.
>
> 1. Generate token with OpenID scope.
> 2. Call userinfo endpoint with above generated token
> 3. Call OAuth2TokenValidation Service and get the token.
>
> When considering [2] in order to receive user info we have to set the
> requested claims in service provider according to the App.
>
> And from Current C4 architecture, we don't mandate to send openid token as
> a scope.
>
> Is there any other alternative ways to achieve above task.
>
> Thanks
>
> Tharindu Dharmarathna
> Senior Software Engineer
> WSO2 Inc.; http://wso2.com
> lean.enterprise.middleware
>
> mobile: +94779109091

--
Bhathiya Jayasekara
Associate Technical Lead,
WSO2 inc., http://wso2.com
Phone: +94715478185
LinkedIn: http://www.linkedin.com/in/bhathiyaj
Twitter: https://twitter.com/bhathiyax
Blog: http://movingaheadblog.blogspot.com
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
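The scope-to-claim relationship referenced in the reply above, as an added example that is not part of the original thread and is not WSO2 code: it filters a user's attributes down to the claims that the token's granted scopes permit, using the mapping in OpenID Connect Core 1.0 section 5.4. The function name, the sample user and the choice to release nothing when `openid` is absent are assumptions made for illustration.

```python
# Standard scope -> claims mapping from OpenID Connect Core 1.0, section 5.4.
SCOPE_CLAIMS = {
    "profile": {
        "name", "family_name", "given_name", "middle_name", "nickname",
        "preferred_username", "profile", "picture", "website", "gender",
        "birthdate", "zoneinfo", "locale", "updated_at",
    },
    "email": {"email", "email_verified"},
    "address": {"address"},
    "phone": {"phone_number", "phone_number_verified"},
}


def claims_for_scopes(scope, user_attributes):
    """Return only the user claims that the granted scopes allow releasing.

    `scope` is the space-delimited scope string attached to the access token.
    """
    granted = set(scope.split())
    # Assumption: a token without 'openid' is a plain OAuth2 token, so no
    # identity claims are released to the backend at all.
    if "openid" not in granted:
        return {}
    allowed = {"sub"}  # the subject identifier accompanies every OIDC response
    for name in granted:
        # Non-OIDC scopes (for example API scopes) contribute no claims.
        allowed |= SCOPE_CLAIMS.get(name, set())
    return {k: v for k, v in user_attributes.items() if k in allowed}


# Constructed sample user record (hypothetical values, not from the thread).
SAMPLE_USER = {
    "sub": "user-1234",
    "given_name": "Alice",
    "family_name": "Example",
    "email": "alice@example.com",
    "email_verified": True,
    "phone_number": "+1-555-0100",
    "role": "internal-admin",  # custom attribute with no standard scope
}

if __name__ == "__main__":
    for s in ("openid", "openid email", "openid profile api_read", "email"):
        print(f"{s!r:28} -> {claims_for_scopes(s, SAMPLE_USER)}")
```

Attributes outside the standard mapping, such as the constructed `role` value, are never released by this filter, so a gateway building the backend JWT from its output forwards only what the client was granted.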