2:04 a.m.
I have some custom claims which are added to the access token at login.
This is working fine, verified the token has the claims etc...
Today I have added user impersonation to the client app - it is not using
the direct "naked grant" to request a token on behalf of a user.
I get a valid token back, but it is missing the claims from the custom
client scope.
I have tried with, and without adding a scope to the request, and also
adding the client scope as default for the realm and the client - but the
claims are still not added to the token.
Suggestions?
Thanks,
James
----
*James Mitchell*
Developer
e: jamesm(a)suitebox.com
w: www.suitebox.com
*SuiteBox |* Level 4, 8 Mahuhu Crescent, Auckland 1010, NZ
5:41 a.m.
sorry - that should be "it is using the direct "naked grant" to request a
token on behalf of a user." I am using a direct naked grant.
Is there another way to get my claims added to the JWT?
----
*James Mitchell*
Developer
e: jamesm(a)suitebox.com
w: www.suitebox.com
*SuiteBox |* Level 4, 8 Mahuhu Crescent, Auckland 1010, NZ
On Fri, 18 Oct 2019 at 13:04, James Mitchell <jamesm(a)suitebox.com> wrote:
I have some custom claims which are added to the access token at
login.
This is working fine, verified the token has the claims etc...
Today I have added user impersonation to the client app - it is not using
the direct "naked grant" to request a token on behalf of a user.
I get a valid token back, but it is missing the claims from the custom
client scope.
I have tried with, and without adding a scope to the request, and also
adding the client scope as default for the realm and the client - but the
claims are still not added to the token.
Suggestions?
Thanks,
James
----
*James Mitchell*
Developer
e: jamesm(a)suitebox.com
w: www.suitebox.com
*SuiteBox |* Level 4, 8 Mahuhu Crescent, Auckland 1010, NZ
1:58 a.m.
After more investigation, I find that the problem I have is NOT missing
claims because the scope mappers don't work. I have found that the mappers
are fine for hard coded values, and for simple things like email and name.
My problem is that the claims I want to map are attributes on my custom
user adapter object, and they are not available on the usermodel that the
token exchange is using - I suspect that this is a cache issue - the
usermodel is taken from the cache and it is a normal usermodel, not my
custom class, so my attributes are not visible.
I'll stop this thread and start a new question about custom attributes in
the cached user model.
----
*James Mitchell*
Developer
e: jamesm(a)suitebox.com
w: www.suitebox.com
*SuiteBox |* Level 4, 8 Mahuhu Crescent, Auckland 1010, NZ
On Mon, 21 Oct 2019 at 16:41, James Mitchell <jamesm(a)suitebox.com> wrote:
sorry - that should be "it is using the direct "naked
grant" to request a
token on behalf of a user." I am using a direct naked grant.
Is there another way to get my claims added to the JWT?
----
*James Mitchell*
Developer
e: jamesm(a)suitebox.com
w: www.suitebox.com
*SuiteBox |* Level 4, 8 Mahuhu Crescent, Auckland 1010, NZ
On Fri, 18 Oct 2019 at 13:04, James Mitchell <jamesm(a)suitebox.com> wrote:
> I have some custom claims which are added to the access token at login.
> This is working fine, verified the token has the claims etc...
>
> Today I have added user impersonation to the client app - it is not using
> the direct "naked grant" to request a token on behalf of a user.
>
> I get a valid token back, but it is missing the claims from the custom
> client scope.
>
> I have tried with, and without adding a scope to the request, and also
> adding the client scope as default for the realm and the client - but the
> claims are still not added to the token.
>
> Suggestions?
>
> Thanks,
> James
>
>
> ----
>
> *James Mitchell*
>
> Developer
>
> e: jamesm(a)suitebox.com
>
> w: www.suitebox.com
>
>
> *SuiteBox |* Level 4, 8 Mahuhu Crescent, Auckland 1010, NZ
>
2:46 a.m.
To close this off, everything is working as expected after
* having my provider implement the OnUserCache interface
* then add the function for the call back to transfer the attributes across
List<String> ATTRIBUTES = Arrays.asList("crmCode",
"crmId");
@Override
public void onCache(RealmModel realm, CachedUserModel user, UserModel
delegate) {
logger.info(String.format("Caching user %s", delegate.getId()));
for(String attribute: ATTRIBUTES){
user.setAttribute(attribute, delegate.getAttribute(attribute));
}
}
----
*James Mitchell*
Developer
e: jamesm(a)suitebox.com
w: www.suitebox.com
*SuiteBox |* Level 4, 8 Mahuhu Crescent, Auckland 1010, NZ
On Tue, 22 Oct 2019 at 12:58, James Mitchell <jamesm(a)suitebox.com> wrote:
After more investigation, I find that the problem I have is NOT
missing
claims because the scope mappers don't work. I have found that the mappers
are fine for hard coded values, and for simple things like email and name.
My problem is that the claims I want to map are attributes on my custom
user adapter object, and they are not available on the usermodel that the
token exchange is using - I suspect that this is a cache issue - the
usermodel is taken from the cache and it is a normal usermodel, not my
custom class, so my attributes are not visible.
I'll stop this thread and start a new question about custom attributes in
the cached user model.
----
*James Mitchell*
Developer
e: jamesm(a)suitebox.com
w: www.suitebox.com
*SuiteBox |* Level 4, 8 Mahuhu Crescent, Auckland 1010, NZ
On Mon, 21 Oct 2019 at 16:41, James Mitchell <jamesm(a)suitebox.com> wrote:
> sorry - that should be "it is using the direct "naked grant" to
request a
> token on behalf of a user." I am using a direct naked grant.
>
> Is there another way to get my claims added to the JWT?
>
>
> ----
>
> *James Mitchell*
>
> Developer
>
> e: jamesm(a)suitebox.com
>
> w: www.suitebox.com
>
>
> *SuiteBox |* Level 4, 8 Mahuhu Crescent, Auckland 1010, NZ
>
>
> On Fri, 18 Oct 2019 at 13:04, James Mitchell <jamesm(a)suitebox.com> wrote:
>
>> I have some custom claims which are added to the access token at login.
>> This is working fine, verified the token has the claims etc...
>>
>> Today I have added user impersonation to the client app - it is not
>> using the direct "naked grant" to request a token on behalf of a user.
>>
>> I get a valid token back, but it is missing the claims from the custom
>> client scope.
>>
>> I have tried with, and without adding a scope to the request, and also
>> adding the client scope as default for the realm and the client - but the
>> claims are still not added to the token.
>>
>> Suggestions?
>>
>> Thanks,
>> James
>>
>>
>> ----
>>
>> *James Mitchell*
>>
>> Developer
>>
>> e: jamesm(a)suitebox.com
>>
>> w: www.suitebox.com
>>
>>
>> *SuiteBox |* Level 4, 8 Mahuhu Crescent, Auckland 1010, NZ
>>
>
1657
days inactive
1661
days old
3 comments
1 participants
participants (1)
-
James Mitchell