Layer7 OAuth Toolkit: preferred_username not set in JWT access token

book

Article ID: 196181

calendar_today

Updated On:

Products

CA API Gateway API SECURITY STARTER PACK-7 CA Microgateway

Issue/Introduction

When generating an access token as a JWT, the preferred_username claim is missing or blank,

Cause

This occurs because the preferred_username claim is only set when a scope of openid is requested.

Environment

Release : 9.4

Component : API GATEWAY

Resolution

To return the username you will need to ensure that the client is registered with and requests the scope of openid.

Optionally, the scope check can be removed or customized to another scope value defined in your organization.

Attachments