Bryan Mcneil

Reputation: 395

WSO2 JWT claims returns wrong user

Environment

Clustered API Manager 2.1.0 (two workers, one manager) and Identity Server 5.3.0 (two workers)

Issue

When logging into a webpage, I log in as the application creator, which causes the JWT claims to be those of the application creator instead of the user who logged in.

Idea of issue

My idea of the problem is that since the application was created by one user, it uses the application's client_id as authorization. Since the application is linked to the user who created it, it logs others in as that user. So when we get the JWT claims back, they contain the information for the user who created the application instead of the user who logged in.

What types of things should I be looking at as a possible fix for this problem? I believe the JWT configuration can fix the problem; I know that either api-manager.xml or identity.xml could have the answer.

How do I get the correct JWT claims back from the access token?

JWT Sample

{
  "sub": "12345678",
  "http://wso2.org/claims/applicationtier": "Unlimited",
  "http://wso2.org/claims/client_id": "bzuM29gewg5gxazegXiNfkwsgz",
  "http://wso2.org/claims/keytype": "SANDBOX",
  "http://wso2.org/claims/version": "1.0.1",
  "iss": "wso2.org/products/am",
  "http://wso2.org/claims/applicationname": "CellPhones",
  "http://wso2.org/claims/enduser": "null",
  "http://wso2.org/claims/enduserTenantId": "null",
  "http://ourdomain.com/claims/client_rest_of_name": "Ben",
  "http://ourdomain.com/claims/client_surname": "Kenobi",
  "http://wso2.org/claims/subscriber": "DOMAIN/benk",
  "http://wso2.org/claims/tier": "Bronze",
  "http://ourdomain.com/claims/client_claim_source": "CLIENT_SUBSCRIBER",
  "http://ourdomain.com/claims/client_roles": [
    "Full-Time Employee",
    "Employee",
    "Technology Engineer"
  ],
  "http://wso2.org/claims/applicationid": "8",
  "http://wso2.org/claims/usertype": "APPLICATION_USER",
  "exp": 1493232200,
  "email": "[email protected]",
  "http://wso2.org/claims/apicontext": "/jwt/1.0.1"
}

(The usertype value APPLICATION_USER above is the client app.)

Upvotes: 0

Views: 335
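The sample token above carries the application owner in the subscriber claim while the enduser claim is the string "null", so a backend that falls back from enduser to subscriber will identify every caller as the application creator. The following is an added example, not code from the poster or from WSO2: a backend-side check that verifies the token before reading it and then takes the caller's identity from the enduser claim only, refusing tokens that carry no end user. The claim names are the ones in the sample; the HS256 shared key, the sample_claims() helper and the fixed "current time" are constructed for the example (a real API Manager gateway signs with its keystore's private key, so a production backend verifies RS256 against the gateway's public certificate instead).

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed for this example: a shared HMAC key. A real WSO2 gateway signs
# the JWT with its keystore's private key (RS256); the backend would verify
# with the gateway's public certificate instead.
EXAMPLE_KEY = b"example-shared-secret-not-from-the-page"
WSO2 = "http://wso2.org/claims/"


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_jwt(claims: dict, key: bytes = EXAMPLE_KEY) -> str:
    """Build a compact HS256 JWT (stand-in for the gateway's RS256 token)."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims)
    )
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def verify_and_decode(token: str, key: bytes = EXAMPLE_KEY, now=None) -> dict:
    """Check structure, signature and expiry before trusting any claim."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    # Pin the algorithm; never let the token choose how it is verified.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))
    now = int(time.time()) if now is None else now
    if int(claims.get("exp", 0)) <= now:
        raise ValueError("token expired")
    return claims


def token_is_valid(token: str, key: bytes = EXAMPLE_KEY, now=None) -> bool:
    try:
        verify_and_decode(token, key, now)
        return True
    except ValueError:
        return False


def resolve_end_user(claims: dict) -> dict:
    """Decide whose identity the token carries.

    The caller's identity comes only from the enduser claim. The subscriber
    claim names the application owner and must never be used as a fallback,
    which is exactly the mix-up the question describes.
    """
    enduser = claims.get(WSO2 + "enduser")
    # The question's sample shows an absent end user serialised as the
    # string "null", so treat that the same as a missing claim.
    if enduser in (None, "", "null"):
        return {
            "ok": False,
            "user": None,
            "reason": "token carries no end user (usertype=%s, subscriber=%s)"
            % (claims.get(WSO2 + "usertype"), claims.get(WSO2 + "subscriber")),
        }
    return {"ok": True, "user": enduser, "reason": "enduser claim present"}


def sample_claims(enduser: str) -> dict:
    """Constructed claim set modelled on the question's JWT sample."""
    return {
        "sub": "12345678",
        "iss": "wso2.org/products/am",
        WSO2 + "client_id": "bzuM29gewg5gxazegXiNfkwsgz",
        WSO2 + "applicationname": "CellPhones",
        WSO2 + "subscriber": "DOMAIN/benk",
        WSO2 + "usertype": "APPLICATION_USER",
        WSO2 + "enduser": enduser,
        "exp": 1493232200,
    }


if __name__ == "__main__":
    now = 1493232000  # fixed "current time" so the sample exp is still valid
    for enduser in ("null", "DOMAIN/alice"):
        token = make_jwt(sample_claims(enduser))
        print(enduser, "->", resolve_end_user(verify_and_decode(token, now=now)))
```

Running it shows the sample-shaped token (enduser "null") being rejected with the subscriber reported only as diagnostic context, and a token with a real enduser resolving to that user. Against a real gateway, replace make_jwt/verify_and_decode with RS256 verification (for example PyJWT with the gateway's public certificate) and keep resolve_end_user as is: the fix for the symptom on this page belongs in how the token is issued, but the backend should still refuse to treat the application owner as the caller.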

Answers (1)

Bryan Mcneil

Reputation: 395

This was an issue with custom claims. Just had to alter code.

Upvotes: 0

Related Questions