Sam Mathi
Reputation: 41
Returning custom attributes in OAath access token
We wish to return custom attributes from LDAP server as part of OAuth access token.
- Is this possible.
- Is it advisable? Is it a valid use of OAuth? Does the RFC discourage it?
I could not find a concrete answer, please avise. Thank you.
Upvotes: 4
Views: 927
Answers (2)
Gab
Reputation: 8332
- Yes
- Yes
It's indeed both possible and advisable, for example the spring security implementation provides an interface allowing to enrich the access token with custom properties.
Upvotes: 0
Ramesh Lingappa
Reputation: 2488
Yes you can add custom attributes in addition to standards properties like , (access_token,refresh_token, expiry) etc.
The spec does not impose strict property usage , check the sample response mentioned in spec OAuth2 Spec
Upvotes: 2
Related Questions
- Where to store the refresh token on the Client?
- Why Does OAuth v2 Have Both Access and Refresh Tokens?
- Using an authorization header with Fetch in React Native
- What is the purpose of the implicit grant authorization type in OAuth 2?
- OAuth 2.0: Benefits and use cases — why?
- Refreshing OAuth token using Retrofit without modifying all calls
- How does OAuth 2 protect against things like replay attacks using the Security Token?
- OAuth2 and Google API: access token expiration time?
- Spring OAuth2 authorization requests always returning the same access token
- OAuth v2 communication between authentication and resource server