Announcements
This site is in read only until July 22 as we migrate to a new platform; refer to this community post for more details.
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.

OAuth Policy to Generate and Validate the oauth JWT Token

Hi Team 

We are using below operation to generate the token using Oauth2.0 Policy

<OAuthV2 name="generate-policy">
 
<Operation>GenerateJWTAccessToken</Operation>
 
<SupportedGrantTypes>
   
<GrantType>client_credentials</GrantType>
 
</SupportedGrantTypes>
 
<GenerateResponse enabled="true"/>
 
<Algorithm>RS256</Algorithm>
 
<PrivateKey>
   
<Value ref="private.rsa-privatekey-1"/>
 
</PrivateKey>
 
<ExpiresIn ref="kvm.oauth.expires_in">3600000</ExpiresIn>
</OAuthV2> 

 and the Verify we are using 

<OAuthV2 name="OAuthV2-verify-jwt">
 
<Operation>VerifyJWTAccessToken</Operation>
 
<Algorithm>RS512</Algorithm>
 
<PublicKey>
   
<Value ref="propertyset.non-secrets.rsa-publickey-1"/>
 
</PublicKey>
</OAuthV2>

 So may question is can we generate the "GenerateJWTAccessToken" with custom claims as we can do in generateJWT policy, Also can we validate custom claims as well in VerifyJWtAccessToken in OAuthv2.0 policy.

 Please provide some guidance here 🙂

@dchiesa1 

1 REPLY 1