Hi Felipe Pinheiro,

As far as I understood, your flow is something like this.

   - You are invoking the /token endpoint by passing the scope as openid
   - In the id_token response you need to add a custom claim like accountid.

So you can achieve that requirement by using the following steps.

   - Add a wso2 claim something like 'http://wso2.org/claims/accountid'
   - Add a custom oidc claim something like 'accountid'
   - Map the wso2 'accountid' with the 'http://wso2.org/claims/accountid'
   claim
   - If you are using APIM 2.6.0 or IS 5.7.0 you can add the claim
   'accountid' for the scope 'openid'.  If it is an older version you need to
   add the custom claim 'accountid' for the scope 'openid' in the registry. [1]

You can refer to [2], which explains the whole flow.

[1] https://docs.wso2.com/display/IS570/OpenID+Connect+Scopes+and+Claims
[2] https://medium.com/@dewni.matheesha/claim-mapping-and-retrieving-end-user-information-in-wso2is-cffd5f3937ff

Thanks,
Hasanthi


On Fri, Mar 1, 2019 at 10:26 AM Piraveena Paralogarajah <[email protected]>
wrote:

> Hi,
>
> You can add new claims into id_token by implementing a supplementary OSGi
> service [1] in Identity Server. If you want to add claims into ID Token
> in your own way, rather than changing the existing code base, this service
> can be used. This service can be plugged in and can be used to inject
> claims into ID Token.
>
> Initially you have to implement the ClaimProvider service in
> identity-inbound-oauth[1] component and then you need to publish your
> service. Once you publish your service, org.wso2.carbon.identity.oauth
> component in identity-inbound-oauth is listening to ClaimProvider services.
> Once you register your service, that can be found by the Default
> IDTokenBuilder class [2]. Then your claims will be added to ID token.
>
> You can refer to this blog [3] for further information on how to add new
> claims into id_token.
>
> [1] https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/openidconnect/ClaimProvider.java
> [2] https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/openidconnect/DefaultIDTokenBuilder.java#L876
> [3] https://medium.com/@piraveenaparalogarajah/how-to-add-new-claims-to-id-token-by-implementing-supplementary-osgi-service-in-wso2-identity-626d19cfecab
>
> Thanks,
> Piraveena
>
> *Piraveena Paralogarajah*
> Software Engineer | WSO2 Inc.
> *(m)* +94776099594 | *(e)* [email protected]
>
>
>
> On Fri, Feb 8, 2019 at 6:41 PM Felipe Pinheiro <
> [email protected]> wrote:
>
>> Hello,
>>
>> I need to add new information in the token, but this information will be
>> sent when calling /token.
>>
>> For example, I have this return:
>>
>>
>>
>> {
>>   "aud" : "http://org.wso2.apimgt/gateway",
>>   "sub" : "admin",
>>   "application" : {
>>     "id" : 2,
>>     "name" : "test",
>>     "tier" : "Unlimited",
>>     "owner" : "admin"
>>   },
>>   "scope" : "default",
>>   "iss" : "https://localhost:9443/oauth2/token",
>>   "keytype" : "PRODUCTION",
>>   "subscribedAPIs" : [ ],
>>   "consumerKey" : "hF4oTO5N6rm_wuAegX7FZWEudEMa",
>>   "exp" : 1549483604,
>>   "iat" : 1549480004801,
>>   "jti" : "920739ea-f165-4d4c-9ba1-44caacffe741"
>> }
>>
>> But I have to add a new value, as the example below:
>>
>> {
>>   "aud" : "http://org.wso2.apimgt/gateway",
>>   "sub" : "admin",
>>   "application" : {
>>     "id" : 2,
>>     "name" : "test",
>>     "tier" : "Unlimited",
>>     "owner" : "admin"
>>   },
>>   "scope" : "default",
>>   "iss" : "https://localhost:9443/oauth2/token",
>>   "keytype" : "PRODUCTION",
>>   "subscribedAPIs" : [ ],
>>   "consumerKey" : "hF4oTO5N6rm_wuAegX7FZWEudEMa",
>>   "exp" : 1549483604,
>>   "iat" : 1549480004801,
>>   "jti" : "920739ea-f165-4d4c-9ba1-44caacffe741",
>>   "accountid" : "330"
>> }
>>
>> So, the accountID information should be sent using the /token resource and
>> added to the token returned.
>>
>> I don't know if this makes sense.
>>
>> Thanks,
>> Felipe Pinheiro
>> Software Developer
>>
>>
>> On Thu, Feb 7, 2019 at 18:41, Farasath Ahamed <[email protected]>
>> wrote:
>>
>>>
>>>
>>> On Thu, Feb 7, 2019 at 9:56 PM Felipe Pinheiro <
>>> [email protected]> wrote:
>>>
>>>> Hello,
>>>>
>>>> I am trying to make a change in JWT by adding new information sent in
>>>> the request (/token).
>>>>
>>>
>>> So by JWT are you referring to the id_token?
>>>
>>>>
>>>> Is there a way to send a parameter in a custom grant type and add that
>>>> parameter inside JWT?
>>>>
>>>> I have had this issue for some weeks and I don't know if it is
>>>> possible to perform that change in the JWT.
>>>>
>>>
>>> If you could explain your use case in detail, devs will be able to guide
>>> you on achieving it using a suitable configuration/extension point.
>>>
>>>>
>>>> Thank you very much.
>>>>
>>>> Cheers,
>>>> Felipe Pinheiro
>>>> Software Developer
>>>> _______________________________________________
>>>> Dev mailing list
>>>> [email protected]
>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>
>>>
>>>
>>> --
>>> Farasath Ahamed
>>> Senior Software Engineer, WSO2 Inc.; http://wso2.com
>>> Mobile: +94777603866
>>> Blog: blog.farazath.com
>>> Twitter: @farazath619 <https://twitter.com/farazath619>
>>> <http://wso2.com/signature>
>>>
>>>
>>>
>>
>


-- 

Hasanthi Dissanayake

Senior Software Engineer | WSO2

E: [email protected]
M :0718407133| http://wso2.com <http://wso2.com/>
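
Added example, not part of the thread or of WSO2's code: the ClaimProvider approach from the quoted reply above, applied to the accountid parameter from the original question. The class name, the digits-only format and the in-memory entitlement map are assumptions, and it assumes /token request parameters are exposed through getRequestParameters() as in WSO2 custom grant handlers.

```java
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.authz.OAuthAuthzReqMessageContext;
import org.wso2.carbon.identity.oauth2.dto.OAuth2AccessTokenRespDTO;
import org.wso2.carbon.identity.oauth2.dto.OAuth2AuthorizeRespDTO;
import org.wso2.carbon.identity.oauth2.model.RequestParameter;
import org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext;
import org.wso2.carbon.identity.openidconnect.ClaimProvider;

/** Hypothetical provider: copies a validated "accountid" /token parameter into the id_token. */
public class AccountIdClaimProvider implements ClaimProvider {
    private static final String PARAM = "accountid";                    // name taken from the thread
    private static final Pattern FORMAT = Pattern.compile("\\d{1,10}"); // assumed value format
    // Constructed stand-in for a real user-to-account entitlement lookup.
    private static final Map<String, Set<String>> ALLOWED =
            Collections.singletonMap("admin", Collections.singleton("330"));

    @Override
    public Map<String, Object> getAdditionalClaims(OAuthAuthzReqMessageContext ctx,
            OAuth2AuthorizeRespDTO resp) throws IdentityOAuth2Exception {
        return Collections.emptyMap(); // /authorize flow: nothing to add
    }

    @Override
    public Map<String, Object> getAdditionalClaims(OAuthTokenReqMessageContext ctx,
            OAuth2AccessTokenRespDTO resp) throws IdentityOAuth2Exception {
        Map<String, Object> claims = new HashMap<>();
        RequestParameter[] params = ctx.getOauth2AccessTokenReqDTO().getRequestParameters();
        if (params == null || ctx.getAuthorizedUser() == null) {
            return claims;
        }
        String user = ctx.getAuthorizedUser().getUserName();
        for (RequestParameter p : params) {
            if (!PARAM.equals(p.getKey()) || p.getValue() == null || p.getValue().length != 1) {
                continue; // skip other parameters and repeated or empty values
            }
            String value = p.getValue()[0];
            // Client-supplied: signed into the token only if well-formed and the user is entitled to it.
            if (FORMAT.matcher(value).matches()
                    && ALLOWED.getOrDefault(user, Collections.emptySet()).contains(value)) {
                claims.put(PARAM, value);
            }
        }
        return claims;
    }
}
```

The class still has to be published as an OSGi service so that the org.wso2.carbon.identity.oauth component can find it, as the quoted reply describes.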