Hi,

On Mon, Aug 21, 2017 at 3:23 PM, Gayan Gunawardana <[email protected]> wrote:

>
>
> On Mon, Aug 21, 2017 at 1:54 PM, Farasath Ahamed <[email protected]>
> wrote:
>
>>
>>
>>
>> On Mon, Aug 21, 2017 at 1:23 PM, Gayan Gunawardana <[email protected]>
>> wrote:
>>
>>>
>>>
>>> On Mon, Aug 21, 2017 at 1:21 PM, Ruwan Abeykoon <[email protected]> wrote:
>>>
>>>> Hi All,
>>>> I think we need to add them in introspection result, since they were
>>>> anyway present in AuthenticationResponse inside JWT.
>>>>
>>>> @Gayan,
>>>> How about the acr, amr ?
>>>>
>>> +1 we can add them too.
>>>
>>
>> Can we also consider providing an extension point to decide attributes
>> that go into the introspection response?
>>
> +1 token binding will introduce some more attributes.
>

Yep. OAuth Token Binding needs to add the cnf:tbh attribute. This is defined in
[1]. However, we can make this part of the default introspection response
builder as well.

     {
       "active": true,
       "iss": "https://server.example.com",
       "aud": "https://resource.example.org",
       "sub": "[email protected]",
       "iat": 1467324320,
       "exp": 1467324920,
       "cnf":{
         "tbh": "7NRBu9iDdJlYCTOqyeYuLxXv0blEA-yTpmGIrAwKAws"
       }
     }



[1] https://tools.ietf.org/html/draft-ietf-oauth-token-binding-04#section-3.5


>
>>
>>>
>>>> Cheers,
>>>> Ruwan
>>>>
>>>> On Mon, Aug 21, 2017 at 11:08 AM, Gayan Gunawardana <[email protected]>
>>>> wrote:
>>>>
>>>>> Hi Indunil,
>>>>>
>>>>> From the token introspection response I can get the below attributes.
>>>>>
>>>>> {"scope":"openid","active":true,"token_type":"Bearer","exp":1503061170,"iat":1503057570,"client_id":"oRbEK6KkycbSLGxt3JHciaitPzoa","username":"[email protected]"}
>>>>>
>>>>> But some of the optional attributes are not included in the introspection
>>>>> response.
>>>>>
>>>>>    sub
>>>>>       OPTIONAL.  Subject of the token, as defined in JWT [RFC7519 
>>>>> <https://tools.ietf.org/html/rfc7519>].
>>>>>       Usually a machine-readable identifier of the resource owner who
>>>>>       authorized this token.
>>>>>
>>>>>    aud
>>>>>       OPTIONAL.  Service-specific string identifier or list of string
>>>>>       identifiers representing the intended audience for this token, as
>>>>>       defined in JWT [RFC7519 <https://tools.ietf.org/html/rfc7519>].
>>>>>
>>>>>    iss
>>>>>       OPTIONAL.  String representing the issuer of this token, as
>>>>>       defined in JWT [RFC7519 <https://tools.ietf.org/html/rfc7519>].
>>>>>
>>>>> Do we have any limitation to support the above attributes?
>>>>>
>>>>>
>>>>> [1] https://tools.ietf.org/html/rfc7662
>>>>>
>>>>> Thanks,
>>>>> Gayan
>>>>> --
>>>>> Gayan Gunawardana
>>>>> Senior Software Engineer; WSO2 Inc.; http://wso2.com/
>>>>> Email: [email protected]
>>>>> Mobile: +94 (71) 8020933
>>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>> --
>>> Gayan Gunawardana
>>> Senior Software Engineer; WSO2 Inc.; http://wso2.com/
>>> Email: [email protected]
>>> Mobile: +94 (71) 8020933
>>>
>>> _______________________________________________
>>> Dev mailing list
>>> [email protected]
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>>
>>
>
>
> --
> Gayan Gunawardana
> Senior Software Engineer; WSO2 Inc.; http://wso2.com/
> Email: [email protected]
> Mobile: +94 (71) 8020933
>



-- 

*Kasun Gajasinghe*
Associate Technical Lead, WSO2 Inc.
email: kasung AT spamfree wso2.com
linked-in: http://lk.linkedin.com/in/gajasinghe
blog: http://kasunbg.org
phone: +1 650-745-4499, 77 678 0813
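
As an added example (not part of the original thread and not WSO2 code), this is one way a resource server could consume the attributes discussed above: it requires `iss`, `aud` and `exp`, and compares `cnf.tbh` with the unpadded base64url SHA-256 hash of the Token Binding ID seen on the client's TLS connection. The expected issuer and audience values, the function names and the sample Token Binding ID are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import time

# Assumed policy values for this resource server (constructed, not from the thread)
EXPECTED_ISS = "https://server.example.com"
EXPECTED_AUD = "https://resource.example.org"


def tbh_of(token_binding_id: bytes) -> str:
    """Unpadded base64url of SHA-256(Token Binding ID), the form cnf.tbh carries."""
    digest = hashlib.sha256(token_binding_id).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def check_introspection(resp, token_binding_id, now=None):
    """Return reasons to reject the token; an empty list means accept."""
    now = time.time() if now is None else now
    if resp.get("active") is not True:
        return ["token is not active"]
    problems = []
    # RFC 7662 marks iss/aud OPTIONAL; this assumed policy treats absence as failure
    if resp.get("iss") != EXPECTED_ISS:
        problems.append("iss missing or unexpected")
    aud = resp.get("aud")
    aud = [aud] if isinstance(aud, str) else aud if isinstance(aud, list) else []
    if EXPECTED_AUD not in aud:
        problems.append("aud missing or does not name this resource server")
    exp = resp.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        problems.append("exp missing or in the past")
    cnf = resp.get("cnf")
    tbh = cnf.get("tbh") if isinstance(cnf, dict) else None
    if not isinstance(tbh, str):
        problems.append("cnf.tbh missing: token is not bound")
    elif not hmac.compare_digest(tbh.encode(), tbh_of(token_binding_id).encode()):
        problems.append("cnf.tbh does not match the presented Token Binding ID")
    return problems


if __name__ == "__main__":
    tb_id = b"constructed-token-binding-id"  # constructed sample value
    bound = {"active": True, "iss": EXPECTED_ISS, "aud": EXPECTED_AUD,
             "exp": 1467324920, "cnf": {"tbh": tbh_of(tb_id)}}
    print(check_introspection(bound, tb_id, now=1467324400))        # accepted
    print(check_introspection(bound, b"other-id", now=1467324400))  # rejected
```

An introspection response that carries only `scope`, `active`, `token_type`, `exp`, `iat`, `client_id` and `username` fails the `iss`, `aud` and `cnf.tbh` checks under this policy.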