Hi Megala,

On Wed, May 23, 2018 at 10:11 AM, Megala Uthayakumar <[email protected]> wrote:

> Hi All,
>
> I am working on $subject for IS 5.5.0.
>
> When handling custom claims, we do have two options.
>
> 1. Handling custom claims as we have handled it in the SAML2BearerGrantHandler.
>    - The current SAML2BearerGrantHandler converts the claims coming from the IDP to local claims and then filters out OIDC claims only, given that the scope is given as openid.
> 2. Handle relevant custom claims as they are when the scope is not openid, and if the scope is openid filter out the OpenID scopes as we do for the SAML2BearerGrantHandler.
>    - If the scope is not openid, add all the custom claims with the access token.
>    - If the scope is openid, follow the same approach followed by the SAML2BearerGrantHandler.
>
> I think option 2 is the better way to handle this, because
>
> JWT does not restrict the collection of custom claims; hence if we go with option 1, the customer is expected to select one of the OpenID claims to get his claims back in the original incoming JWT.

Could you please explain this line further? And in the subject you meant generating an access token (but not a JWT token), right?

Thanks,
Bhathiya

> Appreciate your input on this. What is the correct way to move forward?
>
> Thanks.
>
> Regards,
> Megala
>
> --
> Megala Uthayakumar
> Senior Software Engineer
> Mobile : 0779967122

--
Bhathiya Jayasekara
Associate Technical Lead,
WSO2 inc., http://wso2.com
Phone: +94715478185
LinkedIn: http://www.linkedin.com/in/bhathiyaj
Twitter: https://twitter.com/bhathiyax
Blog: http://movingaheadblog.blogspot.com
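The two options Megala describes, as an added stand-alone Java illustration. This is example code, not WSO2 Identity Server's JWT bearer grant handler or SAML2BearerGrantHandler: the claim URIs, the IdP-to-local claim mapping, the set of OIDC-registered local claims, the reading of option 1 as adding claims only when the openid scope is requested, and the check that pass-through never overwrites the RFC 7519 registered claim names are all assumptions of this example. It shows the one place the options differ: what happens to custom claims when the scope is not openid.

```java
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;

/**
 * Added, stand-alone illustration of the two custom-claim options from the thread.
 * Not WSO2 Identity Server code; every mapping and claim set here is constructed.
 */
public class JwtBearerClaimFilter {

    /** Constructed IdP-dialect -> local-dialect mapping (assumption). */
    static final Map<String, String> IDP_TO_LOCAL = Map.of(
            "email", "http://wso2.org/claims/emailaddress",
            "given_name", "http://wso2.org/claims/givenname",
            "department", "http://wso2.org/claims/department");

    /** Constructed set of local claims that are registered as OIDC claims (assumption). */
    static final Set<String> OIDC_LOCAL_CLAIMS = Set.of(
            "http://wso2.org/claims/emailaddress",
            "http://wso2.org/claims/givenname");

    /**
     * RFC 7519 registered claim names. The token issuer sets these itself, so an
     * incoming assertion must never be allowed to overwrite them (added caveat).
     */
    static final Set<String> RESERVED = Set.of("iss", "sub", "aud", "exp", "nbf", "iat", "jti");

    /** True when the space-separated scope string contains "openid". */
    static boolean hasOpenIdScope(String scope) {
        return scope != null && Arrays.asList(scope.trim().split("\\s+")).contains("openid");
    }

    /** Map IdP claims to the local dialect; claims with no mapping are dropped. */
    static Map<String, String> mapToLocal(Map<String, String> jwtClaims) {
        Map<String, String> local = new LinkedHashMap<>();
        for (Map.Entry<String, String> e : jwtClaims.entrySet()) {
            String localUri = IDP_TO_LOCAL.get(e.getKey());
            if (localUri != null) {
                local.put(localUri, e.getValue());
            }
        }
        return local;
    }

    /** Shared openid branch: local dialect, then OIDC-registered claims only. */
    static Map<String, String> oidcClaimsOnly(Map<String, String> jwtClaims) {
        Map<String, String> out = new LinkedHashMap<>();
        for (Map.Entry<String, String> e : mapToLocal(jwtClaims).entrySet()) {
            if (OIDC_LOCAL_CLAIMS.contains(e.getKey())) {
                out.put(e.getKey(), e.getValue());
            }
        }
        return out;
    }

    /** Option 1 as read here: claims are added only under the openid scope. */
    static Map<String, String> option1(Map<String, String> jwtClaims, String scope) {
        return hasOpenIdScope(scope) ? oidcClaimsOnly(jwtClaims) : Map.<String, String>of();
    }

    /**
     * Option 2: without openid, pass the custom claims through as they are
     * (minus reserved names); with openid, behave exactly like option 1.
     */
    static Map<String, String> option2(Map<String, String> jwtClaims, String scope) {
        if (hasOpenIdScope(scope)) {
            return oidcClaimsOnly(jwtClaims);
        }
        Map<String, String> out = new LinkedHashMap<>();
        for (Map.Entry<String, String> e : jwtClaims.entrySet()) {
            if (!RESERVED.contains(e.getKey())) {
                out.put(e.getKey(), e.getValue());
            }
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed claim set of an incoming assertion JWT.
        Map<String, String> jwt = new LinkedHashMap<>();
        jwt.put("sub", "alice");
        jwt.put("email", "alice@example.com");
        jwt.put("department", "finance");
        jwt.put("cost_center", "CC-42"); // custom claim with no local mapping

        System.out.println("option1, scope=openid  : " + option1(jwt, "openid"));
        System.out.println("option1, scope=default : " + option1(jwt, "default"));
        System.out.println("option2, scope=openid  : " + option2(jwt, "openid"));
        System.out.println("option2, scope=default : " + option2(jwt, "default"));
    }
}
```

Under the openid scope both options return only the mapped email claim, since department has no OIDC registration and cost_center has no local mapping at all. Without openid, option 1 returns nothing, which is the behaviour Megala objects to, while option 2 returns email, department and cost_center unchanged and drops sub because the issuer, not the incoming JWT, must own the subject of the access token it issues.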
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
