F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Daniel_W__13795's avatar
Daniel_W__13795
Icon for Nimbostratus rankNimbostratus
Jan 04, 2019

APM: OAUTH2 JWT Token with groups claim

Hello and happy new year 😉 We use APM as OAuth Authorization Server to create JWT token for apps. One of our customers wants to use the MicroProfile JWT(MP-JWT) for his application, that needs som...
BIG-IP Access Policy Manager (APM)
jwt
oauth 2.0
security
Rene_C__129338's avatar
Rene_C__129338
Icon for Nimbostratus rankNimbostratus
Jan 22, 2019

Bump! Same question on my side, this is actually a mandatory feature.

 

Any possibility to do json arrays / lists in a claim?

 

Thanks!

 

Eric_Chen_12394's avatar
Eric_Chen_12394
Historic F5 Account
Feb 21, 2019

I believe this is possible (at least on <= 14.1) if you use an iRule event. Something like:

 

...
set mygroups [ ACCESS::session data get "session.mygroups" ]
append payload {,"mygroups":} "\[$mygroups\]"
...

This is adapted from the example at: https://clouddocs.f5.com/api/irules/ACCESS__oauth.html

 

In my AP I have a variable assign with an expression of:

 

return {"group1","group2"}