WSO2 IS 5.11.0/APIM 4.1.0- JWT Token not returning Custom Claims

Question

1. Added a custom claim by navigating to WSO2 v5.11 IS console and navigating to Claims -> Add -> Add Local Claim. as shown below

2. New User created in WSO2 and profile updated with custom claims as shown below

3. Invoke published end point from Java client to get the JWT Token from request headers as shown below.

   jWTToken = httpRequest.getHeader("X-JWT-Assertion");

4. JWT Token retrieved successfully from request headers.

5. After decoding the token we are seeing only default claims not the custom claims.

6. We are expecting the JWT token should return custom claims along with default claims.

7. Is there any configuration required in WSO2 5.11.0 to get the custom claims with JWT token?

Environment

• WSO2 IS 5.11.0
• WSO2 API Manager 4.1.0

Expectation

• JWT Token should return custom claims

Answer 1

If you want to add the custom claims to your generated JWT tokens, you need to mark the claims in the service provider configuration as mandatory of the particular application you are using to generate the token. Refer https://is.docs.wso2.com/en/5.10.0/learn/configuring-claims-for-a-service-provider/#claim-mapping for more details.

Then you need to add the openid scope when invoking the token endpoint.

curl -k -d "grant_type=password&username=<USERNAME>&password=<PASSWORD>&scope=openid" -H "Authorization: Basic <BASE64 ENCODED CONSUMER_KEY:CONSUMER_SECRET>, Content-Type: application/x-www-form-urlencoded" https://<GATEWAY_HOSTNAME>:<PORT>/token

Refer https://apim.docs.wso2.com/en/latest/design/api-security/openid-connect/obtaining-user-profile-information-with-openid-connect/ for more details.

Then the custom claim will be added to the token, and will be passed to the generated backend JWT token as well.