Configuring CORS for WSO2 API Manager JWT Grant token endpoint
WSO2 API Manager - Add client roles to password grant JWT
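You need to request a token with the openid scope to retrieve additional user information as claims of the JWT token. You can refer to https://apim.docs.wso2.com/en/latest/learn/api-security/openid-connect/obtaining-user-profile-information-with-openid-connect/ for more details.
For example, if you want to get the user roles in the generated JWT, you can add the http://wso2.org/claims/role claim as a requested claim under Claim Configuration of the service provider you are using, from the carbon console. For more details, see https://is.docs.wso2.com/en/5.10.0/learn/configuring-claims-for-a-service-provider/#claim-mapping.
Then, when you invoke the token endpoint, you need to add the openid scope.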
curl -k -d "grant_type=password&username=<USERNAME>&password=<PASSWORD>&scope=openid" -H "Authorization: Basic <BASE64 ENCODED CONSUMER_KEY:CONSUMER_SECRET>" -H "Content-Type: application/x-www-form-urlencoded" https://<GATEWAY_HOSTNAME>:<PORT>/token
The generated JWT token payload will look like this:
{
  "sub": "admin",
  "aut": "APPLICATION_USER",
  "aud": "5af6EfSzqxS_dfmUnQ28sHdpZzYa",
  "nbf": 1610395871,
  "azp": "5af6EfSzqxS_dfmUnQ28sHdpZzYa",
  "scope": "openid",
  "iss": "https://localhost:9443/oauth2/token",
  "groups": [
    "Internal/subscriber",
    "Internal/creator",
    "Application/admin_DefaultApplication_PRODUCTION",
    "Application/apim_devportal",
    "Internal/publisher",
    "Internal/everyone",
    "Internal/devops",
    "Application/apim_admin_portal",
    "admin",
    "Internal/analytics",
    "Application/apim_publisher"
  ],
  "exp": 1610399471,
  "iat": 1610395871,
  "jti": "75ddfca2-5088-435d-825a-3320efc10036"
}
Hope this helps!
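To confirm that the claim configuration above took effect, the payload of the returned token can be decoded and checked for the `groups` claim alongside the usual issuer, audience and validity-window checks. This is an added example, not part of the original answer or of WSO2's code; the function names are hypothetical and the sample token is constructed from a subset of the payload shown above with a dummy header and signature.

```python
import base64
import json

def decode_payload_unverified(token):
    """Return the claims of a compact JWT WITHOUT verifying its signature.
    Use for inspection; a service must verify the signature against the
    issuer's key before trusting any of these claims."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    seg = parts[1]
    seg += "=" * (-len(seg) % 4)          # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(seg))

def token_roles(claims):
    """Roles arrive in the 'groups' claim in the payload shown above."""
    groups = claims.get("groups", [])
    # Defensive: treat a lone string as a one-element list.
    return set([groups] if isinstance(groups, str) else groups)

def check_claims(claims, issuer, audience, required_role, now):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    if claims.get("iss") != issuer:
        problems.append("unexpected issuer")
    aud = claims.get("aud")
    if audience not in ([aud] if isinstance(aud, str) else (aud or [])):
        problems.append("audience mismatch")
    if not (claims.get("nbf", 0) <= now < claims.get("exp", 0)):
        problems.append("outside nbf/exp window")
    if "openid" not in claims.get("scope", "").split():
        problems.append("openid scope missing")
    if required_role not in token_roles(claims):
        problems.append("role %r not in groups" % required_role)
    return problems

def _b64url(obj):
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

# Constructed sample: subset of the payload above, dummy header and signature.
SAMPLE_CLAIMS = {
    "sub": "admin", "aud": "5af6EfSzqxS_dfmUnQ28sHdpZzYa",
    "nbf": 1610395871, "exp": 1610399471, "scope": "openid",
    "iss": "https://localhost:9443/oauth2/token",
    "groups": ["Internal/subscriber", "Internal/publisher", "admin"],
}
SAMPLE_TOKEN = ".".join([_b64url({"alg": "RS256", "typ": "JWT"}),
                         _b64url(SAMPLE_CLAIMS), "constructed-signature"])
```

If `check_claims` reports the role as missing for a token issued after the change, the requested claim was not added to the service provider or the `openid` scope was not sent with the token request.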