Hi All,
I am working on $subject for IS 5.5.0.
When handling custom claims, we do have two options.
1. Handling custom claims as we have handled them in the SAML2BearerGrantHandler.
- The current SAML2BearerGrantHandler converts the claims coming from the IDP to local claims and then filters out OIDC claims only, given that the scope is given as openid.
2. Handle the relevant custom claims as they are when the scope is not openid, and if the scope is openid, filter out the openid scopes as we do for SAML2BearerGrantHandler.
- If the scope is not openid, add all the custom claims to the access token.
- If the scope is openid, follow the same approach followed by SAML2BearerGrantHandler.
I think option 2 is a better way to handle this, because JWT does not restrict the collection of custom claims; hence, if we go with option 1, the customer is expected to select one of the OpenID claims to get his claims back from the original incoming JWT.
Appreciate your input on this. What is the correct way to move forward?
Thanks.
Regards,
Megala
--
Megala Uthayakumar
Senior Software Engineer
Mobile : 0779967122
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
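The scope-dependent claim selection that option 2 describes, as an added illustration that is not WSO2 code; the IDP-to-local claim mapping, the OIDC claim set and the sample JWT are all constructed assumptions:

```python
# Option 2 from the thread: when the requested scope lacks "openid", every custom
# claim in the incoming JWT is attached to the access token as-is; when it contains
# "openid", claims are first mapped to local claims and only registered OIDC
# claims survive (the SAML2BearerGrantHandler behaviour). Names below are assumed.

# Registered JWT claims (RFC 7519) that are never treated as custom claims.
STANDARD_JWT_CLAIMS = {"iss", "sub", "aud", "exp", "nbf", "iat", "jti"}

# Constructed IDP claim -> local claim mapping (not a real WSO2 configuration).
IDP_TO_LOCAL = {
    "email": "http://wso2.org/claims/emailaddress",
    "given_name": "http://wso2.org/claims/givenname",
    "dept": "http://wso2.org/claims/department",
}

# Constructed set of local claims that are exposed as OIDC claims.
OIDC_CLAIMS = {
    "http://wso2.org/claims/emailaddress",
    "http://wso2.org/claims/givenname",
}


def custom_claims(jwt_claims):
    """Return only the non-standard claims of a decoded JWT payload."""
    return {k: v for k, v in jwt_claims.items() if k not in STANDARD_JWT_CLAIMS}


def select_claims(jwt_claims, scopes):
    """Decide which claims to carry onto the access token (option 2).

    Returns a dict of claim -> value. Without "openid" the custom claims are
    passed through untouched; with "openid" only mapped OIDC claims remain,
    keyed by their local claim URI. Unmapped or non-OIDC claims are dropped.
    """
    custom = custom_claims(jwt_claims)
    if "openid" not in scopes:
        return dict(custom)
    selected = {}
    for idp_claim, value in custom.items():
        local_claim = IDP_TO_LOCAL.get(idp_claim)
        if local_claim is not None and local_claim in OIDC_CLAIMS:
            selected[local_claim] = value
    return selected


if __name__ == "__main__":
    # Constructed JWT payload: two registered claims plus three custom ones.
    sample = {"iss": "idp.example", "sub": "user1", "email": "u@example.org",
              "dept": "eng", "role": "admin"}
    print(select_claims(sample, {"openid"}))       # only the mapped OIDC claim
    print(select_claims(sample, {"custom_api"}))   # all three custom claims
```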