Hi Team,
I am setting the custom attribute related to userinfo in generate access token policy(oauth2).
EX:
<Attribute name="email" display="true" ref="oauthv2authcode.OA-GetAuthCodeAttributesForAccessToken.email"/>
<Attribute name="given_name" display="true" ref="oauthv2authcode.OA-GetAuthCodeAttributesForAccessToken.given_name"/>
<Attribute name="family_name" display="true" ref="oauthv2authcode.OA-GetAuthCodeAttributesForAccessToken.family_name"/>
I am able to retrieve the above custom attribute info by using getoauthinfo policy.
ex: {
"given_name":"abc",
"family_name":"xyz",
"email":"abc@gmail.com"
}
But I want to retrieve Sub value also(sub means short for subject).
ex: {
"Sub":"12341234123412341", how can I retrieve the sub vlaue?
"given_name":"abc",
"family_name":"xyz",
"email":"abc@gmail.com"
}
Sub":"12341234123412341", how can I retrieve the sub vlaue?
Thanks,
Kumar.
@kumar , What do you mean sub value ? Is it access token attribute ? How are you setting this value ?
I have the same question!
Kumar, "sub" is an attribute name that is often used in a JWT, especially when the JWT is an id token. It identifies the subject of the token.
But when you are using the OAuthV2 policy with GenerateAccessToken operation, you are not creating a JWT. It is an opaque token. True, those attributes do get returned to the caller (the client) in the token response, ... in a JSON payload. And that JSON can kindof look like a JWT payload. Like this:
{ "issued_at": "1420262924658", "scope": "READ", "refresh_token_issued_at": "1420262924658", "status": "approved", "refresh_token_status": "approved", "api_product_list": "[PremiumWeatherAPI]", "expires_in": "1799", "given_name": "Dino", "family_name": "Valentino", "email": "dchiesa@google.com", "token_type": "BearerToken", "refresh_token": "fYACGW7OCPtCNDEnRSnqFlEgogboFPMm", "client_id": "5jUAdGv9pBouF0wOH5keAVI35GBtx3dT", "access_token": "2l4IQtZXbn5WBJdL6EF7uenOWRsi", "refresh_token_expires_in": "86400", } <br>
But it isn't a JWT. The token itself is just an opaque string. And those other properties are just... data.
Unless you attach a custom attribute called "sub", then there will be no "sub" attribute attached to the token when it is created, and no "sub" property in the response JSON.
I mean you need something like this:
<Attribute name="sub" display="true" ref="variable-containing-subject"/>
...and of course you need to make sure the variable-containing-subject contains the information you want to attach to the token.
User | Count |
---|---|
1 | |
1 | |
1 | |
1 | |
1 |