Re: [Dev] [APIM 2.5.0 + ISKM 5.6.0 + Micro-GW 2.5.0] JWT issuer value

Hi, I quickly checked the backend JWT scenario and observed the following. 1. is set as follows (in api-manager.xml) https://localhost:8243/revoke 2. The resolved value of "iss" of the backend JWT is, "iss": "wso2.org/products/am" Based on the code, it seems like inbound JWT token is using th

Re: [Dev] [APIM 2.5.0 + ISKM 5.6.0 + Micro-GW 2.5.0] JWT issuer value

Yes +1, and shall we change the configured value in identity.xml to gateway token endpoint? Because otherwise, it will use the default ( https://localhost:9443/oauth2/token) and we are exposing the IS token endpoint to outside. And as we have already registered gateway as the issuer in MG configs,

Re: [Dev] [APIM 2.5.0 + ISKM 5.6.0 + Micro-GW 2.5.0] JWT issuer value

So this means that IS already has a special config for that, which also means that we do not have to introduce yet another config and can reuse what IS is already using right? On Mon, Jul 23, 2018 at 11:20 PM Malintha Amarasinghe wrote: > Looks like they are using the "IDTokenIssuerID" from iden

Re: [Dev] [APIM 2.5.0 + ISKM 5.6.0 + Micro-GW 2.5.0] JWT issuer value

Looks like they are using the "IDTokenIssuerID" from identity.xml. If it is not specified, it uses the token API URL ( https://localhost:9443/oauth2/token). ${carbon.protocol}://${carbon.host}:${carbon.management.port}/oauth2/token [1] https://github.com/wso2-extensions/identity-inbound-auth-oaut

Re: [Dev] [APIM 2.5.0 + ISKM 5.6.0 + Micro-GW 2.5.0] JWT issuer value

Do we know how IS generates the "iss" when issuing JWT tokens? We should try to leverage that so that we maintain consistency. Again, by making it backwards compatible too. On Mon, Jul 23, 2018 at 11:01 PM Malintha Amarasinghe wrote: > Hi Nuwan, > > We can use a new config under . If it is not s

Re: [Dev] [APIM 2.5.0 + ISKM 5.6.0 + Micro-GW 2.5.0] JWT issuer value

Hi Nuwan, We can use a new config under . If it is not specified, we can use the config from . We can make that config commented out when shipping. Also, the shipped (default) value can be added as the token API URL (The same existing value). From these, existing customers using backend JWT (not d

Re: [Dev] [APIM 2.5.0 + ISKM 5.6.0 + Micro-GW 2.5.0] JWT issuer value

IMO the "iss" claim should be a configurable value. Reusing some other config such as the Revoke URL is not correct. IINM, when I went through the code I noticed that we use the same code to generate backend JWT's "iss" as well as /token API JWT's "iss". So whatever change we do has to be made in

Re: [Dev] [APIM 2.5.0 + ISKM 5.6.0 + Micro-GW 2.5.0] JWT issuer value

+ Dev On Mon, Jul 23, 2018 at 6:32 PM, Chamin Dias wrote: > Hi all, > > 1. When testing JWT with APIM 2.5.0 + ISKM 5.6.0 + Micro-GW 2.5.0, we > faced an issue. > > *Setup details : Single node APIM Server (no port offset), ISKM (port > offset 1), Default Micro-GW* > > 2. The issuer (iss) is pick