For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Daniel_W__13795's avatar
Daniel_W__13795
Icon for Nimbostratus rankNimbostratus
Jan 04, 2019

APM: OAUTH2 JWT Token with groups claim

Hello and happy new year 😉 We use APM as OAuth Authorization Server to create JWT token for apps. One of our customers wants to use the MicroProfile JWT(MP-JWT) for his application, that needs som...
BIG-IP Access Policy Manager (APM)
jwt
oauth 2.0
security
Daniel_W_'s avatar
Daniel_W_
Icon for Cirrus rankCirrus
Apr 08, 2020

Hi Marvin,

 

you can retrieve the claims in the JWT access token.

You need to add token_content_type=jwt to the request and enable JWT in OAUTH profile and Client ID

Example:

https://sso.test.com/f5-oauth2/v1/authorize?redirect_uri=https://localhost&response_type=code&client_id=xyz&token_content_type=jwt

Marvin's avatar
Marvin
Icon for Cirrocumulus rankCirrocumulus
Apr 08, 2020

I confirm that when using token_content_type=jwt the claim variables are being set with right values except for the fact that its not responding with the JWT and claims information. The only thing is that its being redirected with parameter ?code=xxxxxxx