WSO2 APIM - Add user roles in JWT payload

独厮守ぢ 2021-01-25 09:44

I'm developing some SpringBoot microservices that expose REST through WSO2 APIM.

Microservice itself does not implement any kind of authentication or authorization meca

1 Answer
  • 2021-01-25 10:05

    The easiest way to get the role claim included in the auth JWT is to add a claim mapping at the service provider level and request the token with openid scopes. To do this, try the steps below.

    1. Log in to management console https://<host>:<port>/carbon

    2. List service providers in the left menu

    3. Go to edit on the required service provider (Each application in the developer portal has a mapping service provider)

    4. Add a claim mapping to role claim as below

    5. Send the token request with the scope=openid parameter

      curl -k -X POST https://localhost:8243/token -d "grant_type=password&username=<Username>&password=<Password>&scope=openid" -H "Authorization: Basic <Credentials>"
      
    6. Response access token will contain roles in this format

      {
          "sub": "admin@carbon.super",
          "iss": "https://localhost:9443/oauth2/token",
          "groups": [
              "Internal/subscriber",
              "Internal/creator",
              "Application/apim_devportal",
              "Application/admin_NewApp_PRODUCTION",
              "Internal/publisher",
              "Internal/everyone",
              "Internal/analytics",
          ],
          ...
      }
      
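A way to check the result of step 6, as an added example that is not part of the original answer: it decodes the payload of the returned access token and reads the `groups` claim shown above. The function names and the sample token are constructed for illustration; the decoder does not verify the signature, so it is for inspecting a token, while a backend must validate the signature before trusting `groups`.

```python
import base64
import json

def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def decode_payload(token: str) -> dict:
    """Return the claims of a compact JWS WITHOUT verifying its signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    try:
        claims = json.loads(b64url_decode(parts[1]))
    except ValueError as exc:  # covers bad base64, bad UTF-8 and bad JSON
        raise ValueError("payload is not base64url-encoded JSON") from exc
    if not isinstance(claims, dict):
        raise ValueError("payload is not a JSON object")
    return claims

def groups_of(claims: dict) -> list:
    """Normalise 'groups': missing -> [], bare string -> one-item list."""
    value = claims.get("groups", [])
    if isinstance(value, str):
        # Assumption: a single role may be emitted as a string, not an array.
        return [value]
    if isinstance(value, list):
        return [g for g in value if isinstance(g, str)]
    return []

def has_role(claims: dict, role: str) -> bool:
    # Exact match on the full name, including the Internal/ or Application/ prefix.
    return role in groups_of(claims)

def make_sample_token(claims: dict) -> str:
    # Constructed, unsigned sample; "sig" stands in for the real signature.
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.sig"

SAMPLE = make_sample_token({
    "sub": "admin@carbon.super",
    "iss": "https://localhost:9443/oauth2/token",
    "groups": ["Internal/subscriber", "Internal/publisher", "Internal/everyone"],
})

if __name__ == "__main__":
    claims = decode_payload(SAMPLE)
    print(groups_of(claims), has_role(claims, "Internal/publisher"))
```

If `groups` comes back empty for a real token, recheck the claim mapping from step 4 and that the request carried `scope=openid`.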