Jonathan Rioux

Reputation: 1096

JWT with no claims after refreshing it

I'm using oauth2-proxy as a reverse proxy with IBM ISAM as the identity provider (IdP).

When doing the initial token request (after requesting the /authorization endpoint), the JWT I receive contains all the claims I requested in the scope. That's perfect.

But now when I do a token refresh using the refresh_token on the /token endpoint, the JWT I receive contains only the basic info with no claims.

What am I doing wrong?

Can it be a limitation of IBM ISAM?

I need those claims to be in the JWT, because Istio uses the "groups" claim to do authorization on requests. So after the JWT is refreshed, the user gets an access denied because the "groups" claim becomes empty in the JWT.

I troubleshot this using Postman; there is a feature to debug an OAuth2 flow.

Upvotes: 0

Views: 19
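
A small diagnostic for the symptom described in the question, added here as an example and not part of the original post: it decodes the payloads of the initial and the refreshed JWT and lists which claims (such as "groups") disappeared on refresh. The token contents, issuer URL and helper names are constructed for illustration, and the signature is not verified, so this is for debugging only.

```python
import base64
import json

# Claims that legitimately differ between any two tokens; ignored in the diff.
VOLATILE = {"iat", "exp", "nbf", "jti"}

def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def jwt_claims(token: str) -> dict:
    """Return the payload of a compact JWS. Debug only: the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected 3 dot-separated segments)")
    claims = json.loads(b64url_decode(parts[1]))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims

def diff_claims(initial: str, refreshed: str) -> dict:
    """Compare the claims of the initial token with those of the refreshed one."""
    a, b = jwt_claims(initial), jwt_claims(refreshed)
    keys_a, keys_b = set(a) - VOLATILE, set(b) - VOLATILE
    return {
        "missing": sorted(keys_a - keys_b),   # present initially, gone after refresh
        "added": sorted(keys_b - keys_a),     # only present after refresh
        "changed": sorted(k for k in keys_a & keys_b if a[k] != b[k]),
    }

def make_sample_jwt(claims: dict) -> str:
    # Constructed, unsigned sample token (placeholder signature) for the demo.
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.c2ln"

# Constructed sample data mirroring the symptom described in the question.
INITIAL = make_sample_jwt({"sub": "jdoe", "iss": "https://idp.example",
                           "iat": 1700000000, "exp": 1700003600,
                           "email": "jdoe@example.com", "groups": ["dev", "ops"]})
REFRESHED = make_sample_jwt({"sub": "jdoe", "iss": "https://idp.example",
                             "iat": 1700003500, "exp": 1700007100})

if __name__ == "__main__":
    print(diff_claims(INITIAL, REFRESHED))
```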

Answers (0)
