Re: [Dev] JWT WSO2

2019-03-07 Thread Hasini Witharana
Hi Felipe,

Refer to step 6 in the blog [1] for claim configuration.
[1] https://medium.com/@hasiniwitharana/openid-connect-certification-configurations-for-basic-profile-with-wso2-identity-server-e3cd511a9f37

Thank You.

On Thu, Feb 7, 2019 at 9:56 PM Felipe Pinheiro <
felipe.pinhe...@ifactory.com.br> wrote:

> Hello,
>
> I am trying to make a change in JWT by adding new information sent in the
> request (/token).
>
> Is there a way to send a parameter in a custom grant type and add that
> parameter inside JWT?
>
> I have had this issue for some weeks and I don't know if it is possible
> to perform that change in the JWT.
>
> Thank you very much.
>
> Cheers,
> Felipe Pinheiro
> Software Developer
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>


-- 
*Hasini Witharana*
Undergraduate | Department of Computer Science and Engineering
University of Moratuwa


Re: [Dev] JWT WSO2

2019-03-01 Thread Hasanthi Purnima Dissanayake
Hi Felipe Pinheiro,

As far as I understood, your flow is something like this.

   - You are invoking the /token endpoint, passing the scope as openid
   - In the id_token response you need to add a custom claim like accountid.

So you can achieve that requirement by using the following steps.

   - Add a wso2 claim something like 'http://wso2.org/claims/accountid'
   - Add a custom oidc claim something like 'accountid'
   - Map the wso2 'accountid' with the 'http://wso2.org/claims/accountid'
   claim
   - If you are using APIM 2.6.0 or IS 5.7.0 you can add the claim
   'accountid' for the scope 'openid'.  If it is an older version you need to
   add the custom claim 'accountid' for the scope 'openid' in the registry. [1]

You can refer to [2], which explains the whole flow.

[1] https://docs.wso2.com/display/IS570/OpenID+Connect+Scopes+and+Claims
[2] https://medium.com/@dewni.matheesha/claim-mapping-and-retrieving-end-user-information-in-wso2is-cffd5f3937ff

Thanks,
Hasanthi


On Fri, Mar 1, 2019 at 10:26 AM Piraveena Paralogarajah 
wrote:

> Hi,
>
> You can add new claims into id_token by implementing a supplementary OSGi
> service [1] in Identity Server. If you want to add claims into ID Token
> in your own way, rather than changing the existing code base, this service
> can be used. This service can be plugged in and can be used to inject
> claims into ID Token.
>
> Initially you have to implement the ClaimProvider service in the
> identity-inbound-oauth [1] component and then you need to publish your
> service. Once you publish your service, the org.wso2.carbon.identity.oauth
> component in identity-inbound-oauth is listening for ClaimProvider services.
> Once you register your service, it can be found by the
> DefaultIDTokenBuilder class [2]. Then your claims will be added to the ID token.
>
> You can refer to this blog [3] for further information on how to add new
> claims into the id_token.
>
> [1] https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/openidconnect/ClaimProvider.java
> [2] https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/openidconnect/DefaultIDTokenBuilder.java#L876
> [3] https://medium.com/@piraveenaparalogarajah/how-to-add-new-claims-to-id-token-by-implementing-supplementary-osgi-service-in-wso2-identity-626d19cfecab
>
> Thanks,
> Piraveena
>
> *Piraveena Paralogarajah*
> Software Engineer | WSO2 Inc.
> *(m)* +94776099594 | *(e)* pirave...@wso2.com
>
>
>
> On Fri, Feb 8, 2019 at 6:41 PM Felipe Pinheiro <
> felipe.pinhe...@ifactory.com.br> wrote:
>
>> Hello,
>>
>> I need to add new information in the token, but this information will be
>> sent when calling /token.
>>
>> For example, I have this return:
>>
>>
>> eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik5UQXhabU14TkRNeVpEZzNNVFUxWkdNME16RXpPREpoWldJNE5ETmxaRFUxT0dGa05qRmlNUSJ9.eyJhdWQiOiJodHRwOlwvXC9vcmcud3NvMi5hcGltZ3RcL2dhdGV3YXkiLCJzdWIiOiJhZG1pbiIsImFwcGxpY2F0aW9uIjp7ImlkIjoyLCJuYW1lIjoidGVzdCIsInRpZXIiOiJVbmxpbWl0ZWQiLCJvd25lciI6ImFkbWluIn0sInNjb3BlIjoiZGVmYXVsdCIsImlzcyI6Imh0dHBzOlwvXC9sb2NhbGhvc3Q6OTQ0M1wvb2F1dGgyXC90b2tlbiIsImtleXR5cGUiOiJQUk9EVUNUSU9OIiwic3Vic2NyaWJlZEFQSXMiOltdLCJjb25zdW1lcktleSI6ImhGNG9UTzVONnJtX3d1QWVnWDdGWldFdWRFTWEiLCJleHAiOjE1NDk0ODM2MDQsImlhdCI6MTU0OTQ4MDAwNDgwMSwianRpIjoiOTIwNzM5ZWEtZjE2NS00ZDRjLTliYTEtNDRjYWFjZmZlNzQxIn0=.Gt60ZRnGC7KYUQ6dv7SbVljIA6ION3fp5yqo4qGtbSlvqHCBw6mAYYQlXHDc_5RRVa3xnTsqPvW3f8LcKTHvWZriRjj4j31GTwBobM7nfACEsghGV7cSCkgIyAdqT36Tm7EECi2zkI30KlcznE5bZ6P3ts6yPAHcMi-L_gCH3NDWaqrTg9dXo_YF9grTxoYglaf_T9WiuLlkgohk46uatRTTtEBZQKTrjlXbALK3uPdFYurFY1sQGIa_BTDNgTWRi2yQsjTce6ElgDAxhNyNKKh0x3oksKWoSV6-_pSx2QPTiKt90I1rAvp-P_SOm_Y83QGSFCJ7MlaK5wYQlih-vA==
>>
>> {
>>   "aud" : "http://org.wso2.apimgt/gateway",
>>   "sub" : "admin",
>>   "application" : {
>>     "id" : 2,
>>     "name" : "test",
>>     "tier" : "Unlimited",
>>     "owner" : "admin"
>>   },
>>   "scope" : "default",
>>   "iss" : "https://localhost:9443/oauth2/token",
>>   "keytype" : "PRODUCTION",
>>   "subscribedAPIs" : [ ],
>>   "consumerKey" : "hF4oTO5N6rm_wuAegX7FZWEudEMa",
>>   "exp" : 1549483604,
>>   "iat" : 1549480004801,
>>   "jti" : "920739ea-f165-4d4c-9ba1-44caacffe741"
>> }
>>
>> But I have to add a new value, as the example below:
>>
>> {
>>   "aud" : "http://org.wso2.apimgt/gateway",
>>   "sub" : "admin",
>>   "application" : {
>>     "id" : 2,
>>     "name" : "test",
>>     "tier" : "Unlimited",
>>     "owner" : "admin"
>>   },
>>   "scope" : "default",
>>   "iss" : "https://localhost:9443/oauth2/token",
>>   "keytype" : "PRODUCTION",
>>   "subscribedAPIs" : [ ],
>>   "consumerKey" : "hF4oTO5N6rm_wuAegX7FZWEudEMa",
>>   

Re: [Dev] JWT WSO2

2019-02-28 Thread Piraveena Paralogarajah
Hi,

You can add new claims into id_token by implementing a supplementary OSGi
service [1] in Identity Server. If you want to add claims into ID Token in
your own way, rather than changing the existing code base, this service can
be used. This service can be plugged in and can be used to inject claims
into ID Token.

Initially you have to implement the ClaimProvider service in the
identity-inbound-oauth [1] component and then you need to publish your
service. Once you publish your service, the org.wso2.carbon.identity.oauth
component in identity-inbound-oauth is listening for ClaimProvider services.
Once you register your service, it can be found by the
DefaultIDTokenBuilder class [2]. Then your claims will be added to the ID token.

You can refer to this blog [3] for further information on how to add new
claims into the id_token.

[1] https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/openidconnect/ClaimProvider.java
[2] https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/openidconnect/DefaultIDTokenBuilder.java#L876
[3] https://medium.com/@piraveenaparalogarajah/how-to-add-new-claims-to-id-token-by-implementing-supplementary-osgi-service-in-wso2-identity-626d19cfecab

Thanks,
Piraveena

*Piraveena Paralogarajah*
Software Engineer | WSO2 Inc.
*(m)* +94776099594 | *(e)* pirave...@wso2.com



On Fri, Feb 8, 2019 at 6:41 PM Felipe Pinheiro <
felipe.pinhe...@ifactory.com.br> wrote:

> Hello,
>
> I need to add new information in the token, but this information will be
> sent when calling /token.
>
> For example, I have this return:
>
>
> eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik5UQXhabU14TkRNeVpEZzNNVFUxWkdNME16RXpPREpoWldJNE5ETmxaRFUxT0dGa05qRmlNUSJ9.eyJhdWQiOiJodHRwOlwvXC9vcmcud3NvMi5hcGltZ3RcL2dhdGV3YXkiLCJzdWIiOiJhZG1pbiIsImFwcGxpY2F0aW9uIjp7ImlkIjoyLCJuYW1lIjoidGVzdCIsInRpZXIiOiJVbmxpbWl0ZWQiLCJvd25lciI6ImFkbWluIn0sInNjb3BlIjoiZGVmYXVsdCIsImlzcyI6Imh0dHBzOlwvXC9sb2NhbGhvc3Q6OTQ0M1wvb2F1dGgyXC90b2tlbiIsImtleXR5cGUiOiJQUk9EVUNUSU9OIiwic3Vic2NyaWJlZEFQSXMiOltdLCJjb25zdW1lcktleSI6ImhGNG9UTzVONnJtX3d1QWVnWDdGWldFdWRFTWEiLCJleHAiOjE1NDk0ODM2MDQsImlhdCI6MTU0OTQ4MDAwNDgwMSwianRpIjoiOTIwNzM5ZWEtZjE2NS00ZDRjLTliYTEtNDRjYWFjZmZlNzQxIn0=.Gt60ZRnGC7KYUQ6dv7SbVljIA6ION3fp5yqo4qGtbSlvqHCBw6mAYYQlXHDc_5RRVa3xnTsqPvW3f8LcKTHvWZriRjj4j31GTwBobM7nfACEsghGV7cSCkgIyAdqT36Tm7EECi2zkI30KlcznE5bZ6P3ts6yPAHcMi-L_gCH3NDWaqrTg9dXo_YF9grTxoYglaf_T9WiuLlkgohk46uatRTTtEBZQKTrjlXbALK3uPdFYurFY1sQGIa_BTDNgTWRi2yQsjTce6ElgDAxhNyNKKh0x3oksKWoSV6-_pSx2QPTiKt90I1rAvp-P_SOm_Y83QGSFCJ7MlaK5wYQlih-vA==
>
> {
>   "aud" : "http://org.wso2.apimgt/gateway",
>   "sub" : "admin",
>   "application" : {
>     "id" : 2,
>     "name" : "test",
>     "tier" : "Unlimited",
>     "owner" : "admin"
>   },
>   "scope" : "default",
>   "iss" : "https://localhost:9443/oauth2/token",
>   "keytype" : "PRODUCTION",
>   "subscribedAPIs" : [ ],
>   "consumerKey" : "hF4oTO5N6rm_wuAegX7FZWEudEMa",
>   "exp" : 1549483604,
>   "iat" : 1549480004801,
>   "jti" : "920739ea-f165-4d4c-9ba1-44caacffe741"
> }
>
> But I have to add a new value, as the example below:
>
> {
>   "aud" : "http://org.wso2.apimgt/gateway",
>   "sub" : "admin",
>   "application" : {
>     "id" : 2,
>     "name" : "test",
>     "tier" : "Unlimited",
>     "owner" : "admin"
>   },
>   "scope" : "default",
>   "iss" : "https://localhost:9443/oauth2/token",
>   "keytype" : "PRODUCTION",
>   "subscribedAPIs" : [ ],
>   "consumerKey" : "hF4oTO5N6rm_wuAegX7FZWEudEMa",
>   "exp" : 1549483604,
>   "iat" : 1549480004801,
>   "jti" : "920739ea-f165-4d4c-9ba1-44caacffe741",
>   "accountid" : "330"
> }
>
> So, the accountID information should be sent using the /token resource and
> added in the token returned.
>
> I don't know if this makes sense.
>
> Thanks,
> Felipe Pinheiro
> Software Developer
>
>
> On Thu, Feb 7, 2019 at 18:41, Farasath Ahamed wrote:
>
>>
>>
>> On Thu, Feb 7, 2019 at 9:56 PM Felipe Pinheiro <
>> felipe.pinhe...@ifactory.com.br> wrote:
>>
>>> Hello,
>>>
>>> I am trying to make a change in JWT by adding new information sent in
>>> the request (/token).
>>>
>>
>> So by JWT are you referring to the id_token?
>>
>>>
>>> Is there a way to send a parameter in a custom grant type and add that
>>> parameter inside JWT?
>>>
>>> I am with 
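
The ClaimProvider extension point described in the 2019-02-28 reply above, applied to the accountid parameter from the original question. This is an added example, not code from the thread or from WSO2: the method signatures follow the ClaimProvider source linked as [1] and should be checked against the version you build against, and the package name, class name and ENTITLED map are hypothetical. Because the parameter is supplied by the caller of /token, the provider checks it against the authenticated user before it goes into a signed token.

```java
package com.example.claims; // hypothetical package name

import java.util.Collections;
import java.util.Map;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.authz.OAuthAuthzReqMessageContext;
import org.wso2.carbon.identity.oauth2.dto.OAuth2AccessTokenRespDTO;
import org.wso2.carbon.identity.oauth2.dto.OAuth2AuthorizeRespDTO;
import org.wso2.carbon.identity.oauth2.model.RequestParameter;
import org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext;
import org.wso2.carbon.identity.openidconnect.ClaimProvider;

/** Copies the "accountid" /token request parameter into the ID token after checking it. */
public class AccountIdClaimProvider implements ClaimProvider {

    // Constructed sample data: user name -> the one account id that user may assert.
    private static final Map<String, String> ENTITLED = Collections.singletonMap("admin", "330");

    @Override // authorization-endpoint flow: this example adds nothing there
    public Map<String, Object> getAdditionalClaims(OAuthAuthzReqMessageContext ctx,
            OAuth2AuthorizeRespDTO resp) throws IdentityOAuth2Exception {
        return Collections.emptyMap();
    }

    @Override // token-endpoint flow: the /token call from the thread
    public Map<String, Object> getAdditionalClaims(OAuthTokenReqMessageContext ctx,
            OAuth2AccessTokenRespDTO resp) throws IdentityOAuth2Exception {
        RequestParameter[] params = ctx.getOauth2AccessTokenReqDTO().getRequestParameters();
        if (params == null) {
            return Collections.emptyMap();
        }
        for (RequestParameter p : params) {
            String[] values = p.getValue();
            if (!"accountid".equals(p.getKey()) || values == null || values.length != 1) {
                continue; // other parameter, or missing/repeated value
            }
            // The value comes from the client, so it is only a request. Once it is in the
            // signed token every relying party treats it as verified by the server.
            String user = ctx.getAuthorizedUser() == null
                    ? null : ctx.getAuthorizedUser().getUserName();
            if (!values[0].matches("[0-9]{1,12}") || !values[0].equals(ENTITLED.get(user))) {
                throw new IdentityOAuth2Exception("accountid not permitted for this user");
            }
            return Collections.<String, Object>singletonMap("accountid", values[0]);
        }
        return Collections.emptyMap();
    }
}
```

Publishing the service, as the reply puts it, means registering an instance of this class as an OSGi service under the ClaimProvider interface name from your bundle's activator.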

Re: [Dev] JWT WSO2

2019-02-08 Thread Felipe Pinheiro
Hello,

I need to add new information in the token, but this information will be
sent when calling /token.

For example, I have this return:

eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik5UQXhabU14TkRNeVpEZzNNVFUxWkdNME16RXpPREpoWldJNE5ETmxaRFUxT0dGa05qRmlNUSJ9.eyJhdWQiOiJodHRwOlwvXC9vcmcud3NvMi5hcGltZ3RcL2dhdGV3YXkiLCJzdWIiOiJhZG1pbiIsImFwcGxpY2F0aW9uIjp7ImlkIjoyLCJuYW1lIjoidGVzdCIsInRpZXIiOiJVbmxpbWl0ZWQiLCJvd25lciI6ImFkbWluIn0sInNjb3BlIjoiZGVmYXVsdCIsImlzcyI6Imh0dHBzOlwvXC9sb2NhbGhvc3Q6OTQ0M1wvb2F1dGgyXC90b2tlbiIsImtleXR5cGUiOiJQUk9EVUNUSU9OIiwic3Vic2NyaWJlZEFQSXMiOltdLCJjb25zdW1lcktleSI6ImhGNG9UTzVONnJtX3d1QWVnWDdGWldFdWRFTWEiLCJleHAiOjE1NDk0ODM2MDQsImlhdCI6MTU0OTQ4MDAwNDgwMSwianRpIjoiOTIwNzM5ZWEtZjE2NS00ZDRjLTliYTEtNDRjYWFjZmZlNzQxIn0=.Gt60ZRnGC7KYUQ6dv7SbVljIA6ION3fp5yqo4qGtbSlvqHCBw6mAYYQlXHDc_5RRVa3xnTsqPvW3f8LcKTHvWZriRjj4j31GTwBobM7nfACEsghGV7cSCkgIyAdqT36Tm7EECi2zkI30KlcznE5bZ6P3ts6yPAHcMi-L_gCH3NDWaqrTg9dXo_YF9grTxoYglaf_T9WiuLlkgohk46uatRTTtEBZQKTrjlXbALK3uPdFYurFY1sQGIa_BTDNgTWRi2yQsjTce6ElgDAxhNyNKKh0x3oksKWoSV6-_pSx2QPTiKt90I1rAvp-P_SOm_Y83QGSFCJ7MlaK5wYQlih-vA==

{
  "aud" : "http://org.wso2.apimgt/gateway",
  "sub" : "admin",
  "application" : {
    "id" : 2,
    "name" : "test",
    "tier" : "Unlimited",
    "owner" : "admin"
  },
  "scope" : "default",
  "iss" : "https://localhost:9443/oauth2/token",
  "keytype" : "PRODUCTION",
  "subscribedAPIs" : [ ],
  "consumerKey" : "hF4oTO5N6rm_wuAegX7FZWEudEMa",
  "exp" : 1549483604,
  "iat" : 1549480004801,
  "jti" : "920739ea-f165-4d4c-9ba1-44caacffe741"
}

But I have to add a new value, as the example below:

{
  "aud" : "http://org.wso2.apimgt/gateway",
  "sub" : "admin",
  "application" : {
    "id" : 2,
    "name" : "test",
    "tier" : "Unlimited",
    "owner" : "admin"
  },
  "scope" : "default",
  "iss" : "https://localhost:9443/oauth2/token",
  "keytype" : "PRODUCTION",
  "subscribedAPIs" : [ ],
  "consumerKey" : "hF4oTO5N6rm_wuAegX7FZWEudEMa",
  "exp" : 1549483604,
  "iat" : 1549480004801,
  "jti" : "920739ea-f165-4d4c-9ba1-44caacffe741",
  "accountid" : "330"
}

So, the accountID information should be sent using the /token resource and
added in the token returned.

I don't know if this makes sense.

Thanks,
Felipe Pinheiro
Software Developer


On Thu, Feb 7, 2019 at 18:41, Farasath Ahamed wrote:

>
>
> On Thu, Feb 7, 2019 at 9:56 PM Felipe Pinheiro <
> felipe.pinhe...@ifactory.com.br> wrote:
>
>> Hello,
>>
>> I am trying to make a change in JWT by adding new information sent in the
>> request (/token).
>>
>
> So by JWT are you referring to the id_token?
>
>>
>> Is there a way to send a parameter in a custom grant type and add that
>> parameter inside JWT?
>>
>> I have had this issue for some weeks and I don't know if it is possible
>> to perform that change in the JWT.
>>
>
> If you could explain your use case in detail, devs will be able to guide you on
> achieving it using a suitable configuration/extension point.
>
>>
>> Thank you very much.
>>
>> Cheers,
>> Felipe Pinheiro
>> Software Developer
>>
>
>
> --
> Farasath Ahamed
> Senior Software Engineer, WSO2 Inc.; http://wso2.com
> Mobile: +94777603866
> Blog: blog.farazath.com
> Twitter: @farazath619 
> 
>
>
>
>


Re: [Dev] JWT WSO2

2019-02-07 Thread Farasath Ahamed
On Thu, Feb 7, 2019 at 9:56 PM Felipe Pinheiro <
felipe.pinhe...@ifactory.com.br> wrote:

> Hello,
>
> I am trying to make a change in JWT by adding new information sent in the
> request (/token).
>

So by JWT are you referring to the id_token?

>
> Is there a way to send a parameter in a custom grant type and add that
> parameter inside JWT?
>
> I have had this issue for some weeks and I don't know if it is possible
> to perform that change in the JWT.
>

If you could explain your use case in detail, devs will be able to guide you on
achieving it using a suitable configuration/extension point.

>
> Thank you very much.
>
> Cheers,
> Felipe Pinheiro
> Software Developer
>


-- 
Farasath Ahamed
Senior Software Engineer, WSO2 Inc.; http://wso2.com
Mobile: +94777603866
Blog: blog.farazath.com
Twitter: @farazath619 



[Dev] JWT WSO2

2019-02-07 Thread Felipe Pinheiro
Hello,

I am trying to make a change in JWT by adding new information sent in the
request (/token).

Is there a way to send a parameter in a custom grant type and add that
parameter inside JWT?

I have had this issue for some weeks and I don't know if it is possible
to perform that change in the JWT.

Thank you very much.

Cheers,
Felipe Pinheiro
Software Developer