For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Daniel_W__13795's avatar
Daniel_W__13795
Icon for Nimbostratus rankNimbostratus
Jan 04, 2019

APM: OAUTH2 JWT Token with groups claim

Hello and happy new year 😉 We use APM as OAuth Authorization Server to create JWT token for apps. One of our customers wants to use the MicroProfile JWT(MP-JWT) for his application, that needs som...
BIG-IP Access Policy Manager (APM)
jwt
oauth 2.0
security
Daniel_W_'s avatar
Daniel_W_
Icon for Cirrus rankCirrus
Apr 08, 2020

Hi Marvin,

 

you can retrieve the claims in the JWT access token.

You need to add token_content_type=jwt to the request and enable JWT in OAUTH profile and Client ID

Example:

https://sso.test.com/f5-oauth2/v1/authorize?redirect_uri=https://localhost&response_type=code&client_id=xyz&token_content_type=jwt

Marvin's avatar
Marvin
Icon for Cirrocumulus rankCirrocumulus
Apr 08, 2020

Hi Daniel, ok thanks that makes sense so you just use GET method not POST? I just tested and F5 replies to the redirect URL with the Access token appended but I dont see any claims info. Inside the oauth profile and client application JWT checkbox is enabled, any thoughts left?