product-microgateway
Support custom claim mapping via Key Manager in APIM mode
Describe your problem(s)
As per https://apim.docs.wso2.com/en/latest/deploy-and-publish/deploy-on-gateway/choreo-connect/support-custom-claims-mapping/ we currently only support adding custom claim mappings via the config.toml. This can also be added via Key Manager. For example, once this is added we will be able to:
- Add the claim mapping via admin portal -> Key Managers -> Resident Key Manager -> Claim Mappings
  - remote claim - scp
  - local claim - scope
- Create an API and add a scope via Publisher
- Create a valid signed (using keys similar to the APIM resident key manager or the configured issuer) JWT with the claim "scp" and the scope as the value.
- Use the token to invoke a resource that is protected by the scope, and validation will succeed.
Describe your solution
In APIM mode, when we add a claim mapping in Key Manager we also receive a Key Manager event. This can be used to update the JWT custom claim mappings.
How will you implement it
Optional Fields
Related Issues:
https://github.com/wso2/product-microgateway/issues/2376
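The remote-to-local rename requested above, sketched in Go as an added example; this is not code from product-microgateway or from the issue author. `ClaimMapping`, `Apply` and `HasScope` are hypothetical names, the claims are constructed and assumed to come from a JWT whose signature has already been verified, and the mapping variable stands in for whatever the Key Manager event handler would update.

```go
package main

import (
	"fmt"
	"strings"
)

// ClaimMapping is a hypothetical remote -> local claim name table.
type ClaimMapping map[string]string

// Apply renames mapped claims on an already signature-verified claim set.
// A mapped remote claim overrides a same-named local claim sent in the token,
// so the result does not depend on map iteration order.
func (m ClaimMapping) Apply(claims map[string]interface{}) map[string]interface{} {
	out := make(map[string]interface{}, len(claims))
	for k, v := range claims {
		if _, mapped := m[k]; !mapped {
			out[k] = v
		}
	}
	for remote, local := range m {
		if v, ok := claims[remote]; ok {
			out[local] = v
		}
	}
	return out
}

// HasScope checks the local "scope" claim, read as a space-delimited string.
func HasScope(claims map[string]interface{}, required string) bool {
	s, _ := claims["scope"].(string)
	for _, f := range strings.Fields(s) {
		if f == required {
			return true
		}
	}
	return false
}

func main() {
	token := map[string]interface{}{"sub": "alice", "scp": "orders:read"} // constructed claims
	var mapping ClaimMapping                                              // empty until the Key Manager event arrives
	fmt.Println(HasScope(mapping.Apply(token), "orders:read"))            // false
	mapping = ClaimMapping{"scp": "scope"}                                // mapping from the issue
	fmt.Println(HasScope(mapping.Apply(token), "orders:read"))            // true
}
```

Because the mapped claim replaces any `scope` value the token itself carries, a token that sends both `scp` and `scope` is authorized on the `scp` value only.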