Yaroslav

Reputation: 67

WSO2 JWTGenerator and APIMgtGatewayJWTGeneratorImpl

Can someone explain to me the difference between the JWTGenerator and APIMgtGatewayJWTGeneratorImpl classes?

I updated WSO2 from version 2.6.0 to 4.1.0 and there was only this JWTGenerator generator class, but now it does not work.

Ref: https://apim.docs.wso2.com/en/latest/deploy-and-publish/deploy-on-gateway/api-gateway/passing-enduser-attributes-to-the-backend-via-api-gateway/#sample-jwt

Upvotes: 2

Views: 247

Answers (2)

Pubci

Reputation: 4001

Early versions of WSO2 API Manager had opaque token support. So if you are migrating to the latest APIM version and still want to use opaque tokens instead of JWT tokens, you have to use the class JWTGenerator. If you look at the package of this class, it is org.wso2.carbon.apimgt.keymgt.token. So token generation happens on the key manager (KM) side. When an opaque token is used in an API call, the gateway calls the key manager to validate the opaque token, and it also generates a backend JWT. Then the gateway receives the backend JWT for a valid access token from the KM, and the GW sends the backend JWT to the backend service. Refer - https://apim.docs.wso2.com/en/latest/deploy-and-publish/deploy-on-gateway/api-gateway/passing-enduser-attributes-to-the-backend-via-api-gateway/#customizing-the-jwt-generation-completely

If you are using JWT access tokens to access APIs, then you should use APIMgtGatewayJWTGeneratorImpl. When an access token comes to the gateway, it validates the token itself and generates a backend JWT. So this class is used. Refer - https://apim.docs.wso2.com/en/latest/deploy-and-publish/deploy-on-gateway/api-gateway/passing-enduser-attributes-to-the-backend-via-api-gateway/#jwt-self-contained-access-tokens

Upvotes: 3

Chamila Adhikarinayake

Reputation: 3758

We have done a major architectural redesign (please refer to this) of the gateway and keymanager components in the latest versions of the product. One of the key changes is to make the gateway run independently without connecting to the keymanager node. For that, one change introduced is JWT tokens (instead of opaque tokens, which were used in older versions). With the introduction of this, all the token validation happens within the gateway node without needing to connect to the keymanager node.

Previously (versions before 3.2.0) the backend JWT was generated in the keymanager node. For that, JWTGenerator is used. Now, since everything happens in the gateway node, this backend JWT is also generated from the gateway node. For that, we use this APIMgtGatewayJWTGeneratorImpl class (which is extended from the parent class AbstractAPIMgtGatewayJWTGenerator).

Hope you understood why your custom JWTGenerator from API Manager 2.6.0 is not working in the latest version. You will have to create a new custom JWT generator as mentioned in this doc.

Upvotes: 2
