Hi,
I quickly checked the backend JWT scenario and observed the following.
1. is set as follows (in api-manager.xml)
https://localhost:8243/revoke
2. The resolved value of "iss" of the backend JWT is,
"iss": "wso2.org/products/am"
Based on the code, it seems like inbound JWT token is using th
Yes +1, and shall we change the configured value in identity.xml to gateway
token endpoint? Because otherwise, it will use the default (
https://localhost:9443/oauth2/token) and we are exposing the IS token
endpoint to outside. And as we have already registered gateway as the
issuer in MG configs,
So this means that IS already has a special config for that, which also
means that we do not have to introduce yet another config and can reuse
what IS is already using right?
On Mon, Jul 23, 2018 at 11:20 PM Malintha Amarasinghe
wrote:
> Looks like they are using the "IDTokenIssuerID" from iden
Looks like they are using the "IDTokenIssuerID" from identity.xml. If it is
not specified, it uses the token API URL (
https://localhost:9443/oauth2/token).
${carbon.protocol}://${carbon.host}:${carbon.management.port}/oauth2/token
[1]
https://github.com/wso2-extensions/identity-inbound-auth-oaut
Do we know how IS generates the "iss" when issuing JWT tokens? We should
try to leverage that so that we maintain consistency. Again, by making it
backwards compatible too.
On Mon, Jul 23, 2018 at 11:01 PM Malintha Amarasinghe
wrote:
> Hi Nuwan,
>
> We can use a new config under . If it is not s
Hi Nuwan,
We can use a new config under . If it is not specified,
we can use the config from . We can make that config
commented out when shipping. Also, the shipped (default) value can be added
as the token API URL (The same existing value). From these,
existing customers using backend JWT (not d
IMO the "iss" claim should be a configurable value. Reusing some other
config such as the Revoke URL is not correct.
IINM, when I went through the code I noticed that we use the same code to
generate backend JWT's "iss" as well as /token API JWT's "iss". So whatever
change we do has to be made in
+ Dev
On Mon, Jul 23, 2018 at 6:32 PM, Chamin Dias wrote:
> Hi all,
>
> 1. When testing JWT with APIM 2.5.0 + ISKM 5.6.0 + Micro-GW 2.5.0, we
> faced an issue.
>
> *Setup details : Single node APIM Server (no port offset), ISKM (port
> offset 1), Default Micro-GW*
>
> 2. The issuer (iss) is pick