MicroEdge, JWT and custom claims

galo
New Member

I just noticed to our surprise that microEdge access_tokens are JWT tokens.

Also in a different question, it was covered how to expand microedge-auth proxy to do for instance a password-grant. Is it possible to modify microedge to include custom claims in the generated JWT token, so for instance I can include information such as the user name on the JWT token?

1 ACCEPTED SOLUTION

Hi @galo, I think you can modify the JWT token to include custom claims. You just need to modify the helper function in edgemicro-auth proxy (api/helpers/jwt.js) to update the token before signing it. I must admit that I have not tested this myself.


galo
New Member

Thanks, that makes sense. Is edgemicro-auth deployed on microedge-configure? Looks like if the edgemicro-auth does exist it will not be replaced when running subsequent microedge-configure actions.

galo
New Member

I have implemented this on the api/controllers/volos-ouath.js since in my case custom claims might come from the client using this token service, I do append them in the translateToken function.

However, a better approach I think is to add custom claims in the Edge token provided, so actually the customer claims get persisted on Edge side and operations like refresh token return them, something along the lines of:

oauth(req).generateToken(body, { authorizeHeader: req.headers.authorization, request: req, claims: req.query.claims },

{....

As microedge-auth is just translating the token, I believe the custom claims should actually be on the Apigee token.
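
The thread discusses adding custom claims to the token payload before it is signed, including claims supplied by the client in the request. The following is an added example, not code from the thread or from the edgemicro-auth proxy: it builds the payload so that client-supplied claims cannot replace claims the token service sets itself. The names `mergeCustomClaims`, `parseRequestedClaims` and the allow-list contents are hypothetical, and signing is left to whatever helper already signs the token.

```javascript
// Added example; all names here are hypothetical, not edgemicro-auth APIs.
// Registered JWT claim names (RFC 7519) that a client must never set.
const RESERVED = new Set(['iss', 'sub', 'aud', 'exp', 'nbf', 'iat', 'jti']);
// Assumption: the deployment decides which custom claim names are acceptable.
const ALLOWED_CUSTOM_CLAIMS = new Set(['user_name', 'tenant']);
const MAX_VALUE_LENGTH = 128;

// rawClaims is the untrusted string a client sends, e.g. in a query parameter.
function parseRequestedClaims(rawClaims) {
  if (rawClaims === undefined || rawClaims === '') return {};
  let parsed;
  try {
    parsed = JSON.parse(rawClaims);
  } catch (e) {
    throw new Error('claims must be valid JSON');
  }
  if (parsed === null || typeof parsed !== 'object' || Array.isArray(parsed)) {
    throw new Error('claims must be a JSON object');
  }
  return parsed;
}

// Returns a new payload to hand to the signer: server-set claims always win,
// and only allow-listed string claims from the client are copied in.
function mergeCustomClaims(serverClaims, rawClaims) {
  const requested = parseRequestedClaims(rawClaims);
  const payload = { ...serverClaims };
  for (const name of Object.keys(requested)) {
    if (RESERVED.has(name) || name in serverClaims) {
      throw new Error('claim not overridable: ' + name);
    }
    if (!ALLOWED_CUSTOM_CLAIMS.has(name)) {
      throw new Error('claim not allowed: ' + name);
    }
    const value = requested[name];
    if (typeof value !== 'string' || value.length > MAX_VALUE_LENGTH) {
      throw new Error('invalid value for claim: ' + name);
    }
    payload[name] = value;
  }
  return payload;
}

// Constructed sample input: claims set by the token service plus a client string.
const sample = mergeCustomClaims(
  { iss: 'https://example.invalid/token', sub: 'app-123', exp: 1700000000 },
  '{"user_name":"alice"}');
console.log(JSON.stringify(sample));
```

A rejected request should fail the token call rather than silently drop the claim, so the client learns the claim was not issued.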