Deploying artifacts 

  • Place the org.wso2.carbon.identity.oauth2.grant.jwt-1.0.0.jar file downloaded from the store in the <IS_HOME>/repository/component/dropins directory.
  • To register the JWT grant type, configure the <IS_HOME>/repository/conf/identity/identity.xml file by adding a new entry under the <OAuth><SupportedGrantTypes> element. Add a unique identifier between the <GrantTypeName> tags as seen in the code block below.

    <SupportedGrantType>
        <GrantTypeName>urn:ietf:params:oauth:grant-type:jwt-bearer</GrantTypeName>
        <GrantTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.grant.jwt.JWTBearerGrantHandler</GrantTypeHandlerImplClass>
        <GrantTypeValidatorImplClass>org.wso2.carbon.identity.oauth2.grant.jwt.JWTGrantValidator</GrantTypeValidatorImplClass>
    </SupportedGrantType>
  • Restart the server.

Configure the JWT grant type

  1. Sign in to the WSO2 Identity Server. Enter your username and password to log on to the Management Console.
  2. In the Identity Providers section under the Main tab of the management console, click Add.
  3. Give the issuer name (which is used to generate the JWT token) as the Identity Provider Name and add the Public Certificate for your Identity Provider. See Adding a new identity provider for more information.
  4. Navigate to the Main menu to access the Identity menu. Click Add under Service Providers.
  5. Fill in the Service Provider Name and provide a brief Description of the service provider. See Adding a Service Provider for more information.
  6. Expand the OAuth/OpenID Connect Configuration and click Configure.
  7. Enter a callback URL, for example http://localhost:8080/playground2/oauth2client, and click Add.
  8. The OAuth Client Key and OAuth Client Secret will now be visible.

The flow

The cURL command below can be used to retrieve an access token and a refresh token using a JWT.

 

Request
curl -i -X POST -u <clientid>:<clientsecret> -k  -d 'grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&assertion=<JWT>'  -H 'Content-Type: application/x-www-form-urlencoded' https://localhost:9443/oauth2/token

 

You will receive a response similar to the format below.

Response
{"token_type":"Bearer","expires_in":3600,"refresh_token":"b1b4b78e2b0ef4956acb90f2e38a8833","access_token":"615ebcc943be052cf6dc27c6ec578816"} 
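
A pre-flight check for the assertion sent in the request above, added here as an example and not taken from WSO2's code: it confirms that the JWT carries the claims RFC 7523 requires and that iss equals the Identity Provider Name registered in step 3, then builds the URL-encoded request body. The function names and the expected audience value supplied by the caller are assumptions; the signature itself is left for the server to verify.

```python
import base64
import json
import time
from urllib.parse import urlencode

# Added example; function names are illustrative, not a WSO2 API.
GRANT_TYPE = "urn:ietf:params:oauth:grant-type:jwt-bearer"  # as registered in identity.xml

def b64url_decode(part):
    # JWT segments are unpadded base64url; restore the padding before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def check_assertion(jwt, idp_name, audience, now=None):
    """List problems in the assertion's header and claims. The signature is NOT
    verified here; the server checks it against the IdP's public certificate."""
    now = time.time() if now is None else now
    parts = jwt.split(".")
    if len(parts) != 3 or not all(parts):
        return ["not a signed compact JWT (header.payload.signature)"]
    try:
        header, claims = (json.loads(b64url_decode(p)) for p in parts[:2])
    except ValueError:
        return ["header or payload is not base64url-encoded JSON"]
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return ["header and payload must be JSON objects"]
    problems = []
    if str(header.get("alg", "none")).lower() == "none":
        problems.append("alg is 'none': the assertion is unsigned")
    for name in ("iss", "sub", "aud", "exp"):  # claims RFC 7523 requires
        if name not in claims:
            problems.append("missing claim: " + name)
    if "iss" in claims and claims["iss"] != idp_name:
        problems.append("iss does not match the Identity Provider Name")
    aud = claims.get("aud")
    if "aud" in claims and audience not in (aud if isinstance(aud, list) else [aud]):
        problems.append("aud does not include the expected audience")
    exp = claims.get("exp")
    if "exp" in claims and (not isinstance(exp, (int, float)) or exp <= now):
        problems.append("exp is not a future numeric timestamp")
    return problems

def token_request_body(jwt):
    # Form body for the POST to /oauth2/token, URL-encoded field by field.
    return urlencode({"grant_type": GRANT_TYPE, "assertion": jwt})

def make_sample(header, claims):
    # Constructed test input: the third segment is placeholder bytes, not a signature.
    raw = [json.dumps(header).encode(), json.dumps(claims).encode(), b"placeholder"]
    return ".".join(base64.urlsafe_b64encode(r).rstrip(b"=").decode() for r in raw)
```

An empty list from check_assertion means the claims are consistent with the configuration; the server can still reject the assertion if its signature does not match the uploaded certificate.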