Add client_name in the JWT token

Article ID: 435420

Products

CA API Gateway

Issue/Introduction

How and where can the client_name value be obtained and added to the JWT token as a claim?

The application expects to see a specific client_name value, such as 'abcd', inside the JWT token.

Environment

CA API Gateway 11.1.x

OTK Suite 4.6.x

Resolution

- The solution involves a policy customization.

1. First, in OAuth Manager, search for the client ID used in your use case and open it, then select "List keys" to display all the client keys.
   - Once there, click on "client_key_custom"; it will show something like the following:
{
    "openid_registration": {
        "request": "",
        "response": {
            "token_endpoint_auth_signing_alg": "",
            "jwks": "",
            "subject_type": "pairwise",
            "application_type": "",
            "resource": "",
            "description": "Oauth client to test",
            "registration_client_uri": "",
            "redirect_uris": "https://gateway.example.com:8443/oauth/v2/client/authcode?auth=done,https://gateway.example.com:8443/oauth/v2/client/implicit?auth=done",
            "sector_identifier_uri": "",
            "registration_access_token": "",
            "client_id": "bcaedf4b-f1f8-4f38-adad-edited143ab3",
            "token_endpoint_auth_method": "client_secret_basic",
            "userinfo_signed_response_alg": "",
            "master": false,
            "environment": "ALL",
            "client_secret_expires_at": "0",
            "scope": "oob",
            "organization": "Org",
            "jwks_uri": "",
            "client_secret": "",
            "client_id_issued_at": "1717165846",
            "client_name": "client01",
            "id_token_signed_response_alg": "HS256"
        },
        "oauth_client": true
    }
}

       Confirm that a "client_name" entry with a value is present there, for example: "client_name": "client01"

       Note: if there is no value there, it is not possible to display the client_name in the JWT token generated by OTK.

 

2. Once the client_name is confirmed to be present:

     Open Policy Manager, go to the OTK -> Customizations folder, and modify the "#OTK Generate JWT OAuth Token" assertion. In "Evaluate JSON Path Expression V2 Properties",

     modify the client custom field JSON as seen in the screenshot below and add an element to it.

 

3. Then, in the generate JWT policy, use JSON Path V2 to parse the custom field with syntax like: .client_custom.client_name and reference the result as ${client_name.result}
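
The following is an added example, not code from the gateway or OTK: an offline Python sketch of the same flow, which reads client_name from a custom-field document shaped like the sample above, adds it as a claim only when it has a value, and verifies the resulting HS256 token. The key, the `sub` claim, the function names and the traversal path (taken from the sample JSON's nesting) are assumptions made for illustration.

```python
import base64, hashlib, hmac, json

# Constructed sample, trimmed from the client_key_custom value shown above.
SAMPLE_CUSTOM = json.dumps({"openid_registration": {"response": {
    "client_id": "bcaedf4b-f1f8-4f38-adad-edited143ab3",
    "client_name": "client01",
    "id_token_signed_response_alg": "HS256"}, "oauth_client": True}})
DEMO_KEY = b"constructed-demo-key"  # placeholder, not a real client secret


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def extract_client_name(custom_json: str):
    """Return client_name from the custom field, or None if absent or empty."""
    try:
        doc = json.loads(custom_json)
        name = doc["openid_registration"]["response"]["client_name"]
    except (ValueError, KeyError, TypeError):
        return None
    return name if isinstance(name, str) and name.strip() else None


def issue_token(base_claims: dict, custom_json: str, key: bytes) -> str:
    """Add client_name as a claim only when it has a value, then sign (HS256)."""
    claims = dict(base_claims)
    name = extract_client_name(custom_json)
    if name is not None:
        claims["client_name"] = name
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(b64url(json.dumps(p, separators=(",", ":")).encode())
                             for p in (header, claims))
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)


def read_claims(token: str, key: bytes) -> dict:
    """Verify the HS256 signature, then return the payload claims."""
    head, body, sig = token.split(".")
    expected = b64url(hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    return json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))


if __name__ == "__main__":
    tok = issue_token({"sub": "user1"}, SAMPLE_CUSTOM, DEMO_KEY)
    print(read_claims(tok, DEMO_KEY))
```

A consumer that depends on the claim can run the same kind of check against a token issued by the gateway to confirm client_name is present before relying on it.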