Hi,

You can add new claims into id_token by implementing a supplementary OSGi
service [1] in Identity Server. If you want to add claims into ID Token in
your own way, rather than changing the existing code base, this service can
be used. This service can be plugged in and can be used to inject claims
into ID Token.

Initially you have to implement the ClaimProvider service in the
identity-inbound-oauth [1] component and then you need to publish your
service. Once you publish your service, the org.wso2.carbon.identity.oauth
component in identity-inbound-oauth is listening to ClaimProvider services.
Once you register your service, it can be found by the
DefaultIDTokenBuilder class [2]. Then your claims will be added to the ID token.

You can refer to this blog [3] for further information on how to add new
claims into id_token.

[1] https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/openidconnect/ClaimProvider.java
[2] https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/openidconnect/DefaultIDTokenBuilder.java#L876
[3] https://medium.com/@piraveenaparalogarajah/how-to-add-new-claims-to-id-token-by-implementing-supplementary-osgi-service-in-wso2-identity-626d19cfecab

Thanks,
Piraveena

*Piraveena Paralogarajah*
Software Engineer | WSO2 Inc.
*(m)* +94776099594 | *(e)* [email protected]
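
A sketch of the ClaimProvider approach described in the message above, added here as an example; it is not code from the thread, the linked blog or WSO2. It assumes the two `getAdditionalClaims` signatures of the interface linked as [1] and the DTO accessors shown; the class name `AccountIdClaimProvider`, the `allowedAccounts` map and the numeric format rule are hypothetical. Because `accountid` arrives as a client-controlled /token parameter, the example checks its shape and the user's entitlement before it lands in a signed token.

```java
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.authz.OAuthAuthzReqMessageContext;
import org.wso2.carbon.identity.oauth2.dto.OAuth2AccessTokenRespDTO;
import org.wso2.carbon.identity.oauth2.dto.OAuth2AuthorizeRespDTO;
import org.wso2.carbon.identity.oauth2.model.RequestParameter;
import org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext;
import org.wso2.carbon.identity.openidconnect.ClaimProvider;

public class AccountIdClaimProvider implements ClaimProvider {
    private static final String PARAM = "accountid"; // parameter name used in the thread
    private static final Pattern ACCOUNT_ID = Pattern.compile("[0-9]{1,10}"); // assumed format
    private final Map<String, Set<String>> allowedAccounts; // hypothetical: user -> account ids

    public AccountIdClaimProvider(Map<String, Set<String>> allowedAccounts) {
        this.allowedAccounts = allowedAccounts;
    }

    @Override // authorization-endpoint flow: this example adds nothing here
    public Map<String, Object> getAdditionalClaims(OAuthAuthzReqMessageContext ctx,
            OAuth2AuthorizeRespDTO resp) throws IdentityOAuth2Exception {
        return Collections.emptyMap();
    }

    @Override // token-endpoint flow: copy a vetted accountid parameter into the ID token
    public Map<String, Object> getAdditionalClaims(OAuthTokenReqMessageContext ctx,
            OAuth2AccessTokenRespDTO resp) throws IdentityOAuth2Exception {
        Map<String, Object> claims = new HashMap<>();
        RequestParameter[] params = ctx.getOauth2AccessTokenReqDTO().getRequestParameters();
        for (RequestParameter p : params == null ? new RequestParameter[0] : params) {
            if (!PARAM.equals(p.getKey()) || p.getValue() == null || p.getValue().length != 1) {
                continue; // skip other parameters and repeated accountid values
            }
            String value = p.getValue()[0];
            String user = ctx.getAuthorizedUser().getUserName();
            // Reject malformed values and accounts this user is not entitled to.
            if (!ACCOUNT_ID.matcher(value).matches()
                    || !allowedAccounts.getOrDefault(user, Collections.emptySet()).contains(value)) {
                throw new IdentityOAuth2Exception("accountid rejected for this user");
            }
            claims.put(PARAM, value);
        }
        return claims;
    }
}
```

To publish it, register an instance under the `ClaimProvider` interface from your bundle's activator, for instance with the standard OSGi call `bundleContext.registerService(ClaimProvider.class.getName(), provider, null)`.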



On Fri, Feb 8, 2019 at 6:41 PM Felipe Pinheiro <
[email protected]> wrote:

> Hello,
>
> I need to add new information in the token, but this information will be
> sent when calling /token.
>
> For example, I have this return:
>
>
> eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik5UQXhabU14TkRNeVpEZzNNVFUxWkdNME16RXpPREpoWldJNE5ETmxaRFUxT0dGa05qRmlNUSJ9.eyJhdWQiOiJodHRwOlwvXC9vcmcud3NvMi5hcGltZ3RcL2dhdGV3YXkiLCJzdWIiOiJhZG1pbiIsImFwcGxpY2F0aW9uIjp7ImlkIjoyLCJuYW1lIjoidGVzdCIsInRpZXIiOiJVbmxpbWl0ZWQiLCJvd25lciI6ImFkbWluIn0sInNjb3BlIjoiZGVmYXVsdCIsImlzcyI6Imh0dHBzOlwvXC9sb2NhbGhvc3Q6OTQ0M1wvb2F1dGgyXC90b2tlbiIsImtleXR5cGUiOiJQUk9EVUNUSU9OIiwic3Vic2NyaWJlZEFQSXMiOltdLCJjb25zdW1lcktleSI6ImhGNG9UTzVONnJtX3d1QWVnWDdGWldFdWRFTWEiLCJleHAiOjE1NDk0ODM2MDQsImlhdCI6MTU0OTQ4MDAwNDgwMSwianRpIjoiOTIwNzM5ZWEtZjE2NS00ZDRjLTliYTEtNDRjYWFjZmZlNzQxIn0=.Gt60ZRnGC7KYUQ6dv7SbVljIA6ION3fp5yqo4qGtbSlvqHCBw6mAYYQlXHDc_5RRVa3xnTsqPvW3f8LcKTHvWZriRjj4j31GTwBobM7nfACEsghGV7cSCkgIyAdqT36Tm7EECi2zkI30KlcznE5bZ6P3ts6yPAHcMi-L_gCH3NDWaqrTg9dXo_YF9grTxoYglaf_T9WiuLlkgohk46uatRTTtEBZQKTrjlXbALK3uPdFYurFY1sQGIa_BTDNgTWRi2yQsjTce6ElgDAxhNyNKKh0x3oksKWoSV6-_pSx2QPTiKt90I1rAvp-P_SOm_Y83QGSFCJ7MlaK5wYQlih-vA==
>
> {
>   "aud" : "http://org.wso2.apimgt/gateway",
>   "sub" : "admin",
>   "application" : {
>     "id" : 2,
>     "name" : "test",
>     "tier" : "Unlimited",
>     "owner" : "admin"
>   },
>   "scope" : "default",
>   "iss" : "https://localhost:9443/oauth2/token",
>   "keytype" : "PRODUCTION",
>   "subscribedAPIs" : [ ],
>   "consumerKey" : "hF4oTO5N6rm_wuAegX7FZWEudEMa",
>   "exp" : 1549483604,
>   "iat" : 1549480004801,
>   "jti" : "920739ea-f165-4d4c-9ba1-44caacffe741"
> }
>
> But I have to add a new value, as the example below:
>
> {
>   "aud" : "http://org.wso2.apimgt/gateway",
>   "sub" : "admin",
>   "application" : {
>     "id" : 2,
>     "name" : "test",
>     "tier" : "Unlimited",
>     "owner" : "admin"
>   },
>   "scope" : "default",
>   "iss" : "https://localhost:9443/oauth2/token",
>   "keytype" : "PRODUCTION",
>   "subscribedAPIs" : [ ],
>   "consumerKey" : "hF4oTO5N6rm_wuAegX7FZWEudEMa",
>   "exp" : 1549483604,
>   "iat" : 1549480004801,
>   "jti" : "920739ea-f165-4d4c-9ba1-44caacffe741",
>   "accountid":"330"
> }
>
> So, the accountID information should be sent using the /token resource and
> added in the token returned.
>
> I don't know if this makes sense.
>
> Thanks,
> Felipe Pinheiro
> Software Developer
> +55 85 996123367 | skype: live:felipeagpinheiro
> linkedin.com/in/felipe-pinheiro-8b045587
> Innovating Commerce with Shopping Intelligence
> https://www.osf-commerce.com/
>
>
> On Thu, Feb 7, 2019 at 18:41, Farasath Ahamed <[email protected]>
> wrote:
>
>>
>>
>> On Thu, Feb 7, 2019 at 9:56 PM Felipe Pinheiro <
>> [email protected]> wrote:
>>
>>> Hello,
>>>
>>> I am trying to make a change in JWT by adding new information sent in
>>> the request (/token).
>>>
>>
>> So by JWT are you referring to the id_token?
>>
>>>
>>> Is there a way to send a parameter in a custom grant type and add that
>>> parameter inside JWT?
>>>
>>> I have had this issue for some weeks and I don't know if it is
>>> possible to perform that change in the JWT.
>>>
>>
>> If you could explain your use case in detail devs will be able to guide
>> on achieving it using a suitable configuration/extension point.
>>
>>>
>>> Thank you very much.
>>>
>>> Cheers,
>>> Felipe Pinheiro
>>> Software Developer
>>> +55 85 996123367 | skype: live:felipeagpinheiro
>>> linkedin.com/in/felipe-pinheiro-8b045587
>>> Innovating Commerce with Shopping Intelligence
>>> https://www.osf-commerce.com/
>>> _______________________________________________
>>> Dev mailing list
>>> [email protected]
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>
>>
>> --
>> Farasath Ahamed
>> Senior Software Engineer, WSO2 Inc.; http://wso2.com
>> Mobile: +94777603866
>> Blog: blog.farazath.com
>> Twitter: @farazath619 <https://twitter.com/farazath619>
>> <http://wso2.com/signature>
>>
>>
>>