This documentation is for WSO2 Identity Server 5.4.1 . View documentation for the latest release.

All docs This doc

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Implement the following two extensions.
    • GrantTypeHandler - This is the implementation of the grant type. Here you can implement the way, it must be validated and how token must be issued. You can write the new implementation by implementing the “AuthorizationGrantHandler” interface or by extending “AbstractAuthorizationGrantHandler”. In most cases, it is enough to extend the “AbstractAuthorizationGrantHandler” in the WSO2 OAuth component.
    • GrantTypeValidator - This is used to validate the grant request that is sent to the /token endpoint. You can define what parameters must be in the request and define the validation of them. You can write the new implementation by extending the “AbstractValidator” in Apache Amber component.
  2. When implementation is done, package your class as a .jar file and place it in the <IS_HOME>/repository/component/lib directory.
  3. To register the custom grant type, configure the <IS_HOME>/repository/conf/identity/identity.xml file by adding a new entry, in a manner similar to the following example, under the <OAuth><SupportedGrantTypes> element. Add a unique identifier between the <GrantTypeName> tags as seen in the code block below.

    Code Block
    languagexml
    <SupportedGrantType>
    	<GrantTypeName>grant type identifier </GrantTypeName>
    	<GrantTypeHandlerImplClass>full qualified class name of grant handler</GrantTypeHandlerImplClass>
    	<GrantTypeValidatorImplClass>full qualified class name of grant validator</GrantTypeValidatorImplClass>
    	<IdTokenAllowed>true<IdTokenAllowed><IdTokenAllowed>true</IdTokenAllowed>
    </SupportedGrantType>
    Info

    By making <IdTokenAllowed> 'true', it allows the flexibility to control IDtoken issuing for each grant and OIDC scope validator validates the grant types which should support with "openid" scope.

    To test this out, follow the instructions below to implement a custom-grant type sample. 

...

  1. To generate the .jar file you must run the following Apache Maven command in the sample's location using the command line.

    Code Block
    mvn clean install
  2. Copy the .jar file in target directory into the <IS_HOME>/repository/component/lib directory. You can also modify the project and build it using Apache Maven 3.
  3. Configure the following in the <IS_HOME>/repository/conf/identity/identity.xml file under the <OAuth><SupportedGrantTypes> element.

    Code Block
    languagexml
    <SupportedGrantType>
    	<GrantTypeName>mobile</GrantTypeName>
    	<GrantTypeHandlerImplClass>org.wso2.sample.identity.oauth2.grant.mobile.MobileGrant</GrantTypeHandlerImplClass>
    	<GrantTypeValidatorImplClass>org.wso2.sample.identity.oauth2.grant.mobile.MobileGrantValidator</GrantTypeValidatorImplClass>
    	<IdTokenAllowed>true<IdTokenAllowed><IdTokenAllowed>true</IdTokenAllowed>
    </SupportedGrantType>
  4. Restart the server.
  5. Configure the new OAuth grant type.
    1. Sign in to the WSO2 Identity Server. Enter your username and password to log on to the Management Console
    2. Navigate to the Main menu to access the Identity menu. Click Add under Service Providers.
    3. Fill in the Service Provider Name and provide a brief Description of the service provider. See Adding a Service Provider for more information.
    4. Expand the OAuth/OpenID Connect Configuration and click Configure.
    5. Enter a callback URL. For example, http://localhost:8080/playground2/oauth2client. 
    6. Click Add.
    7. The OAuth Client Key and OAuth Client Secret will now be visible.
  6. Send the grant request to the /token API using a cURL command.
    1. The HTTP POST body must contain the following two parameters: grant_type=mobile and mobileNumber.

      Code Block
      grant_type=mobile&mobileNumber=0333444
    2. Replace clientid:clientsecret with the OAuth Client Key and OAuth Client Secret respectively and run the following sample cURL command in a new terminal window. 

      Code Block
      curl --user clientid:clientsecret -k -d "grant_type=mobile&mobileNumber=0333444" -H "Content-Type: application/x-www-form-urlencoded" https://localhost:9443/oauth2/token
    3. You will receive the following JSON response with the access token.

      Code Block
      {"token_type":"bearer","expires_in":2823,"refresh_token":"26e1ebf16cfa4e67c3bf39d72d5c276","access_token":"d9ef87802a22cf7682c2e77df72c735"}

...