I have the same question!
Kumar, “sub” is an attribute name that is often used in a JWT, especially when the JWT is an id token. It identifies the subject of the token.
But when you are using the OAuthV2 policy with the GenerateAccessToken operation, you are not creating a JWT. It is an opaque token. True, those attributes do get returned to the caller (the client) in the token response, … in a JSON payload. And that JSON can kind of look like a JWT payload. Like this:
{
  "issued_at": "1420262924658",
  "scope": "READ",
  "refresh_token_issued_at": "1420262924658",
  "status": "approved",
  "refresh_token_status": "approved",
  "api_product_list": "[PremiumWeatherAPI]",
  "expires_in": "1799",
  "given_name": "Dino",
  "family_name": "Valentino",
  "email": "dchiesa@google.com",
  "token_type": "BearerToken",
  "refresh_token": "fYACGW7OCPtCNDEnRSnqFlEgogboFPMm",
  "client_id": "5jUAdGv9pBouF0wOH5keAVI35GBtx3dT",
  "access_token": "2l4IQtZXbn5WBJdL6EF7uenOWRsi",
  "refresh_token_expires_in": "86400"
}
But it isn’t a JWT. The token itself is just an opaque string. And those other properties are just… data.
Unless you attach a custom attribute called “sub”, there will be no “sub” attribute attached to the token when it is created, and no “sub” property in the response JSON.
I mean you need something like this:
<Attribute name="sub" display="true" ref="variable-containing-subject"/>
…and of course you need to make sure the variable-containing-subject contains the information you want to attach to the token.
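For context, this is where such an Attribute element sits inside a complete OAuthV2 policy, with the opaque-token point noted in comments. It is an added example, not part of the original reply or of any real proxy: the policy name, grant type, expiry and form parameter names are assumptions, and variable-containing-subject is the placeholder variable name used in the reply.

```xml
<!-- Added example; policy name, grant type and parameter names are assumed. -->
<OAuthV2 name="OAuthV2-GenerateAccessToken">
  <Operation>GenerateAccessToken</Operation>

  <!-- Access token lifetime in milliseconds (assumed value). -->
  <ExpiresIn>1800000</ExpiresIn>

  <SupportedGrantTypes>
    <GrantType>password</GrantType>
  </SupportedGrantTypes>
  <GrantType>request.formparam.grant_type</GrantType>
  <UserName>request.formparam.username</UserName>
  <PassWord>request.formparam.password</PassWord>

  <!--
    Custom attributes are stored alongside the opaque token.
    They are not encoded into the access_token string itself, so a client
    cannot recover "sub" by decoding the token as it would with a JWT.
    display="true" returns the attribute in the token response JSON;
    display="false" keeps it attached to the token but out of the response.
  -->
  <Attributes>
    <Attribute name="sub" display="true" ref="variable-containing-subject"/>
  </Attributes>

  <!-- Let the policy build the JSON token response itself. -->
  <GenerateResponse enabled="true"/>
</OAuthV2>
```

The variable referenced by ref has to be populated earlier in the flow, before this policy executes; if it is empty at that point, the token is issued without a usable subject value.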