Generate JWT in shared flow with Dynamic Claims

nsaini
New Member

Hi there

I have a use case to create JWTs with the RS256 and PS256 algorithms. For RS256 I will be using the out-of-the-box GenerateJWT policy. For PS256, I will be using a Java callout. This whole logic will be in a shared flow. My query is about the out-of-the-box policy: can I add dynamic claims in the GenerateJWT policy so that the same policy can be reused for different flows?

<GenerateJWT async="false" continueOnError="false" enabled="true" name="GJWTGenerate">
  <DisplayName>GJWTGenerate</DisplayName>
  <Algorithm>RS256</Algorithm>
  <PrivateKey>
    <Value ref="private.signKey"/>
    <Id ref="MY_KID"/>
  </PrivateKey>
  <Subject ref="MY_ID"/>
  <Issuer ref="MY_ID"/>
  <Audience ref="MY_AUD"/>
  <ExpiresIn>60m</ExpiresIn>
  <AdditionalClaims>
    <Claim name="scope">ASPSPReadAccess TPPReadAll AuthoritiesReadAccess</Claim>
  </AdditionalClaims>
  <OutputVariable>token-jwt</OutputVariable>
</GenerateJWT>


1 ACCEPTED SOLUTION

Yes.

Did you try it?

And ?

Any trouble at all ?

Specifically which claims do you want to be dynamic? The issuer, subject, and audience? Sure. This is all documented. It does not matter that the policy runs within a SharedFlow. The policy will reference the variables to set the specific claims.

Did you try it?

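As an added example (not part of the original thread or of Apigee's documentation), here is the pattern the accepted answer describes: the caller sets plain flow variables, and a single GenerateJWT policy inside the shared flow reads every claim value through ref attributes. The jwt.* variable names, the shared flow name issue-jwt, and the literal values in the AssignMessage are assumptions made for this illustration.

```xml
<!-- Caller (API proxy flow): set per-flow inputs, then invoke the shared flow.
     The jwt.* variable names and the literal values are assumptions for this example. -->
<AssignMessage name="AM-SetJwtInputs">
  <AssignVariable>
    <Name>jwt.subject</Name>
    <Value>tpp-12345</Value>
  </AssignVariable>
  <AssignVariable>
    <Name>jwt.audience</Name>
    <Value>https://api.example.com</Value>
  </AssignVariable>
  <AssignVariable>
    <Name>jwt.scope</Name>
    <Value>ASPSPReadAccess TPPReadAll</Value>
  </AssignVariable>
  <AssignVariable>
    <Name>jwt.ttl</Name>
    <Value>5m</Value>
  </AssignVariable>
</AssignMessage>

<FlowCallout name="FC-IssueJwt">
  <SharedFlowBundle>issue-jwt</SharedFlowBundle>
</FlowCallout>

<!-- Shared flow: one policy, reused by every caller. Claim *names* are fixed here;
     only the claim *values* come from variables. -->
<GenerateJWT async="false" continueOnError="false" enabled="true" name="GJWT-Dynamic">
  <Algorithm>RS256</Algorithm>
  <PrivateKey>
    <!-- private.* variables are masked in Trace; load them from an encrypted KVM -->
    <Value ref="private.signKey"/>
    <Id ref="private.signKeyId"/>
  </PrivateKey>
  <Subject ref="jwt.subject"/>
  <Issuer>https://issuer.example.com</Issuer>
  <Audience ref="jwt.audience"/>
  <!-- ref wins when the variable is set; the element text is the fallback -->
  <ExpiresIn ref="jwt.ttl">60m</ExpiresIn>
  <AdditionalClaims>
    <Claim name="scope" ref="jwt.scope" type="string"/>
    <Claim name="email_verified" ref="jwt.emailVerified" type="boolean"/>
    <Claim name="roles" ref="jwt.roles" type="string" array="true"/>
  </AdditionalClaims>
  <OutputVariable>token-jwt</OutputVariable>
</GenerateJWT>
```

Two things a practitioner should check with this layout: each caller must set every variable the shared flow expects before the FlowCallout (otherwise the corresponding claim is not populated as intended), and the signing key should only ever reach the policy through a private.-prefixed variable so it never shows up in Trace output.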

4 REPLIES


Hi Dino

Thanks for your response. Actually I am looking to add claims dynamically, not the value for claims. So in additional claims, let's say I want to add 2 more mails, test1 and test2. Rather than explicitly adding them in additional claims, I want it to be dynamic.

Yes, I understand.

You want the claim names to be dynamically determined, not just the claim values.

We added a feature to allow that. b/110548137

It's not yet shipped. I expect it to ship in the next few weeks, but cannot guarantee that.

For now, you cannot do what you want with the GenerateJWT policy.

OK. I guess we need to handle it differently. Thank you @Dino-at-Google