How to retrieve short for subject in OAuth2 access token

Hi Team,

I am setting the custom attribute related to userinfo in generate access token policy (oauth2).

EX:

    <Attribute name="email" display="true" ref="oauthv2authcode.OA-GetAuthCodeAttributesForAccessToken.email"/>
    <Attribute name="given_name" display="true" ref="oauthv2authcode.OA-GetAuthCodeAttributesForAccessToken.given_name"/>
    <Attribute name="family_name" display="true" ref="oauthv2authcode.OA-GetAuthCodeAttributesForAccessToken.family_name"/>

I am able to retrieve the above custom attribute info by using getoauthinfo policy.

ex:

    {
      "given_name":"abc",
      "family_name":"xyz",
      "email":"abc@gmail.com"
    }

But I want to retrieve Sub value also (sub means short for subject).

ex:

    {
      "Sub":"12341234123412341",
      "given_name":"abc",
      "family_name":"xyz",
      "email":"abc@gmail.com"
    }

How can I retrieve the sub value?

Thanks,

Kumar.


@kumar, what do you mean by sub value? Is it an access token attribute? How are you setting this value?

I have the same question!

Kumar, "sub" is an attribute name that is often used in a JWT, especially when the JWT is an id token. It identifies the subject of the token.

But when you are using the OAuthV2 policy with GenerateAccessToken operation, you are not creating a JWT. It is an opaque token. True, those attributes do get returned to the caller (the client) in the token response, ... in a JSON payload. And that JSON can kind of look like a JWT payload. Like this:

  
    {
      "issued_at": "1420262924658",
      "scope": "READ",
      "refresh_token_issued_at": "1420262924658",
      "status": "approved",
      "refresh_token_status": "approved",
      "api_product_list": "[PremiumWeatherAPI]",
      "expires_in": "1799",
      "given_name": "Dino",
      "family_name": "Valentino",
      "email": "dchiesa@google.com",
      "token_type": "BearerToken",
      "refresh_token": "fYACGW7OCPtCNDEnRSnqFlEgogboFPMm",
      "client_id": "5jUAdGv9pBouF0wOH5keAVI35GBtx3dT",
      "access_token": "2l4IQtZXbn5WBJdL6EF7uenOWRsi",
      "refresh_token_expires_in": "86400"
    }

But it isn't a JWT. The token itself is just an opaque string. And those other properties are just... data.

Unless you attach a custom attribute called "sub", then there will be no "sub" attribute attached to the token when it is created, and no "sub" property in the response JSON.

I mean you need something like this:

    <Attribute name="sub" display="true" ref="variable-containing-subject"/>

...and of course you need to make sure the variable-containing-subject contains the information you want to attach to the token.
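The opaque-token versus JWT distinction drawn in the reply above, as an added Python example that is not part of the original thread and not Apigee code: it checks whether an access token is structurally a JWT and reports where a "sub" value is carried. The function names are hypothetical, and the JWT-shaped token is constructed for contrast.

```python
import base64
import json


def decode_jwt_unverified(token):
    """Return (header, claims) if token is structurally a JWT, else None.

    No signature is checked here, so the claims must not be trusted.
    """
    parts = token.split(".")
    if len(parts) != 3:
        return None  # an opaque token has no header.payload.signature form
    try:
        header, claims = (
            json.loads(base64.urlsafe_b64decode(p + "=" * (-len(p) % 4)))
            for p in parts[:2]
        )
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return None
    if not (isinstance(header, dict) and isinstance(claims, dict)):
        return None
    return (header, claims) if "alg" in header else None


def find_subject(token_response):
    """Say where, if anywhere, a 'sub' value is carried in a token response."""
    decoded = decode_jwt_unverified(token_response.get("access_token", ""))
    if decoded and "sub" in decoded[1]:
        return ("jwt-claim", decoded[1]["sub"])
    if "sub" in token_response:
        return ("response-attribute", token_response["sub"])
    return ("absent", None)


def _b64(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


# Trimmed copy of the token response shown in the reply: opaque token, no "sub".
OPAQUE = {"access_token": "2l4IQtZXbn5WBJdL6EF7uenOWRsi", "email": "dchiesa@google.com"}
# Same response once a custom "sub" attribute is attached (value from the question).
WITH_SUB = dict(OPAQUE, sub="12341234123412341")
# Constructed JWT-shaped token for contrast; the signature part is a placeholder.
JWT = ".".join([_b64({"alg": "RS256"}), _b64({"sub": "12341234123412341"}), "sig"])

if __name__ == "__main__":
    for resp in (OPAQUE, WITH_SUB, {"access_token": JWT}):
        print(find_subject(resp))
```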