OpenAM / OPENAM-11445

Request to Customize OAuth2 Access Token Content

    Details

    • Epic Name:
      Customizable Access Token
    • Support Ticket IDs:

      Description

      This RFE is similar to OPENAM-8440, but is not limited to stateless tokens.

      The current OAuth2 access_token is not pluggable.
      For example, a user makes a request:

      POST /token HTTP/1.1
      Host: server.example.com
      Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW
      Content-Type: application/x-www-form-urlencoded
      
      grant_type=client_credentials&example_param=example_value
      

      OpenAM allows users to return additional data via the Scope Validator plugin class (i.e. the additionalDataToReturnFromTokenEndpoint() method). However, this is a one-time operation and is not persisted in the CTS store.

      It would be nice if there were a way to add custom fields to tokens so that they are persisted in the CTS store. Or, if it's a stateless token, it would be nice if OpenAM offered the ability to leverage a JWT format, with an additional scriptable component to control attributes within the JWT, similar to the scriptable OIDC id_token.

      Acceptance Criteria

      • We have a new script type of "Access Token modification"
      • On a Provider level I can specify an Access Token modification script
      • The modification script can override existing Access Token attributes (modification = add, modify, delete)
      • Script needs access to same context as the OIDC Claims script
      • Introspect endpoint is able to return modified attributes
      • Works for Stateful and Stateless tokens
      • Script should use CHF client (not Restlet)
      • The Access Token hash in ID tokens (when provided) should be correctly calculated.
      • We need a default script as an example of how Access Tokens can be modified.

              People

              • Assignee:
                peter.major Peter Major
                Reporter:
                sachiko Sachiko Wallace
              • Votes:
                17
                Watchers:
                36

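The acceptance criterion that the access token hash in ID tokens be correctly calculated matters most for stateless tokens: a modification script that adds or removes fields changes the serialized token, so an `at_hash` taken before that step no longer verifies on the client. The sketch below is an added example, not part of this issue or of OpenAM's code; it applies the `at_hash` rule from OpenID Connect Core 3.1.3.6. The `serialize` and `demo` helpers, the claim values and the placeholder signature are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

# OIDC Core 3.1.3.6: the hash is the one named by the ID token's JOSE "alg"
# header (RS256 -> SHA-256, ES384 -> SHA-384, PS512 -> SHA-512).
HASH_BY_ALG_SUFFIX = {"256": hashlib.sha256, "384": hashlib.sha384, "512": hashlib.sha512}


def b64url(data: bytes) -> str:
    """base64url without padding, as used in JOSE."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def at_hash(access_token: str, id_token_alg: str) -> str:
    """Left-most half of the hash of the token's ASCII octets, base64url-encoded."""
    hash_fn = HASH_BY_ALG_SUFFIX.get(id_token_alg[-3:])
    if hash_fn is None:
        raise ValueError(f"no at_hash digest defined here for alg {id_token_alg!r}")
    digest = hash_fn(access_token.encode("ascii")).digest()
    return b64url(digest[: len(digest) // 2])


def at_hash_matches(access_token: str, id_token_alg: str, claimed: str) -> bool:
    """Client-side check: recompute over the token actually received."""
    return hmac.compare_digest(at_hash(access_token, id_token_alg), claimed)


def serialize(claims: dict) -> str:
    """Constructed stand-in for a stateless (JWT) access token; the signature is a placeholder."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims, sort_keys=True).encode())
    return f"{header}.{payload}.constructed-signature"


def demo() -> tuple:
    """Hash taken before vs. after a modification step adds a field to the token."""
    claims = {"sub": "demo-client", "scope": "read"}          # constructed sample values
    early = at_hash(serialize(claims), "RS256")               # hashed before modification
    issued = serialize({**claims, "example_param": "example_value"})  # token the client receives
    late = at_hash(issued, "RS256")                           # hashed over the final token
    return at_hash_matches(issued, "RS256", early), at_hash_matches(issued, "RS256", late)


if __name__ == "__main__":
    print(demo())
```

Only the hash computed over the final serialized token verifies, so any modification step has to run before `at_hash` is derived for the ID token.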