WSO2 APIM - Add user roles in JWT payload

Question

I\'m developing some SpringBoot microservices that exposes REST through WSO2 APIM.

Microservice itself does not implement any kind of authentication or authorization meca

Answer 1

Easiest way to get role claim included in the auth JWT is to add a claim mapping in service provider level and request the token with openid scopes. To do this try below steps.

1. Log in to management console https://<host>:<port>/carbon

2. List service providers in the left menu

3. Go to edit on the required service provider (Each application in the developer portal has a mapping service provider)

4. Add a claim mapping to role claim as below

5. Send the token request with the scope=openid parameter

   curl -k -X POST https://localhost:8243/token -d "grant_type=password&username=<Username>&password=<Password>&scope=openid" -H "Authorization: Basic <Credentials>"
   

6. Response access token will contain roles in this format

   {
       "sub": "admin@carbon.super",
       "iss": "https://localhost:9443/oauth2/token",
       "groups": [
           "Internal/subscriber",
           "Internal/creator",
           "Application/apim_devportal",
           "Application/admin_NewApp_PRODUCTION",
           "Internal/publisher",
           "Internal/everyone",
           "Internal/analytics",
       ],
       ...
   }