Hi there
I have a use case to create a JWT with the RS256 and PS256 algorithms. For RS256 I will be using the out-of-box GenerateJWT policy. For PS256, I will be using a Java callout. This whole logic will be in a shared flow. My query is about using the out-of-box policy: can I add dynamic claims in the GenerateJWT policy so that the same policy can be reused for different flows?
<GenerateJWT async="false" continueOnError="false" enabled="true" name="GJWTGenerate">
  <DisplayName>GJWTGenerate</DisplayName>
  <Algorithm>RS256</Algorithm>
  <PrivateKey>
    <Value ref="private.signKey"/>
    <Id ref="MY_KID"/>
  </PrivateKey>
  <Subject ref="MY_ID"/>
  <Issuer ref="MY_ID"/>
  <Audience ref="MY_AUD"/>
  <ExpiresIn>60m</ExpiresIn>
  <AdditionalClaims>
    <Claim name="scope">ASPSPReadAccess TPPReadAll AuthoritiesReadAccess</Claim>
  </AdditionalClaims>
  <OutputVariable>token-jwt</OutputVariable>
</GenerateJWT>
Yes.
Did you try it?
And?
Any trouble at all?
Specifically which claims do you want to be dynamic? The issuer, subject, and audience? Sure. This is all documented. It does not matter that the policy runs within a SharedFlow. The policy will reference the variables to set the specific claims.
Did you try it?
Hi Dino
Thanks for your response. Actually I am looking to add claims dynamically, not the value for claims. So in additional claims, let's say I want to add 2 more mails, test1 and test2. Rather than explicitly adding them in additional claims, I want it to be dynamic.
Yes, I understand.
You want the claim names to be dynamically determined, not just the claim values.
We added a feature to allow that. b/110548137
It's not yet shipped. I expect it to ship in the next few weeks, but cannot guarantee that.
For now, you cannot do what you want with the GenerateJWT policy.
Ok. Guess we need to handle it differently. Thank you @Dino-at-Google