Hi Harsha,

Thanks for the quick response, and yes, I would like to generate the JWT token only if some header is present.

Let me give you more context on what I'm trying to accomplish.

Setup:
1) APIM 2.1 + Identity Server 5.3 acting as the Key Manager.
2) OpenID Connect is used for authentication.
3) User roles and permissions are retrieved from an internal service, not from Identity Server. So, when a token (scope=openid) is requested, the id_token is generated with our internal roles and permissions + other attributes.

The problem:
1) Some of the services behind the Gateway have endpoints protected by our internal roles or permissions, so we send the signed id_token as an HTTP header and the service validates the token, builds a profile from the token and authorizes the user.
2) Another use case is when we want to hit the endpoint from the APIM Store (Swagger UI). The Swagger definition has the id_token HTTP header as mandatory, but I would like to make it optional and have APIM generate the id_token only if the header is not present (my initial question).

What are your thoughts on this? Can we approach this problem in a better way?

Thanks,
Javier

From: Harsha Kumara [mailto:hars...@wso2.com]
Sent: Tuesday, July 18, 2017 7:20 PM
To: Vazquez-Hidalgo, Javier
Cc: dev@wso2.org
Subject: Re: [Dev] JWT Token Generation

Hey Javier,

Do you want to generate the JWT token only if some header is present in the request? For the current implementation, we can't control it, as it will be generated in the KM. But you can manipulate headers in the gateway, so you can decide which token you should send to the backend, either the APIM-generated one or a newly created JWT token.

Thanks,
Harsha

2017-07-19 0:41 GMT+02:00 Vazquez-Hidalgo, Javier <javier.vazquez-hida...@tdsecurities.com>:

Hello,

What is the best approach to have APIM generate a JWT Token only if a header is passed to the request?
Thanks,
Javier

_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

--
Harsha Kumara
Software Engineer, WSO2 Inc.
Mobile: +94775505618
Blog: harshcreationz.blogspot.com
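One way to implement Harsha's suggestion of deciding in the gateway which token reaches the backend, as an added example that is not part of this thread and not WSO2's own code: an APIM 2.x in-flow mediation sequence that keeps a client-supplied id_token header when one is present and otherwise forwards the gateway-generated JWT under that same header name. It assumes the client header is named id_token and that the gateway's JWT arrives as X-JWT-Assertion (the default JWTHeader value in APIM); both names are assumptions that should be checked against the actual deployment.

```xml
<!-- Added example, not from the thread: APIM 2.x in-flow mediation sequence.
     Assumptions: client-supplied header is "id_token"; the APIM-generated JWT
     arrives as "X-JWT-Assertion" (APIM's default JWTHeader). -->
<sequence xmlns="http://ws.apache.org/ns/synapse" name="idtoken-fallback">
  <!-- $trp:NAME reads an HTTP transport header; ".+" matches any non-empty value.
       A missing header evaluates to an empty string, so the else branch runs. -->
  <filter source="$trp:id_token" regex=".+">
    <then>
      <!-- Client sent its own id_token: leave it untouched. It is untrusted input
           until the backend verifies its signature, issuer, audience and expiry. -->
      <log level="custom">
        <property name="idtoken_source" value="client"/>
      </log>
    </then>
    <else>
      <!-- No id_token: copy the gateway-generated JWT into the id_token header so
           the backend sees the header as optional from the caller's point of view. -->
      <property name="id_token" expression="$trp:X-JWT-Assertion" scope="transport"/>
      <log level="custom">
        <property name="idtoken_source" value="gateway"/>
      </log>
    </else>
  </filter>
</sequence>
```

Attach the sequence to the API as an In-flow message mediation policy in the Publisher. Two caveats for the backend: it must still verify the signature of whichever token arrives (the client-supplied header is attacker-controlled until validated against the Identity Server's keys), and the gateway JWT and the Identity Server id_token carry different claim sets and issuers, so the profile-building code needs to accept both or map the gateway JWT's claims onto the internal roles. The Swagger definition itself still needs the header marked as not required for the Store UI to stop demanding it.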