OAuth Policy to Generate and Validate the oauth JWT Token

AbhishekAw · September 18, 2023, 6:04pm

Hi Team

We are using below operation to generate the token using Oauth2.0 Policy

GenerateJWTAccessToken client_credentials RS256 3600000

and the Verify we are using

VerifyJWTAccessToken RS512

So may question is can we generate the “GenerateJWTAccessToken” with custom claims as we can do in generateJWT policy, Also can we validate custom claims as well in VerifyJWtAccessToken in OAuthv2.0 policy.

Please provide some guidance here

@dchiesa1

dchiesa1 · September 18, 2023, 8:03pm

No; you cannot add custom, arbitrary claims to a token generated in that way.

If you want to include custom arbitrary claims, then I suggest that you do not use the OAuthV2 policy. Instead:

GenerateJWT for generation, and add in the client_id of the calling app, as well as any custom claims
VerifyJWT for verification + VerifyAPIKey on the client_id.

Topic		Replies	Views
Acting as Openid connect provider with Apigee Edge Apigee api-runtime	2	3	July 24, 2019
POC on JWT for generate and verify the JWT tokens Apigee apigee-x	1	10	March 14, 2024
How can I use Edge to use a JWT as the value of the OAuth token? Apigee api-runtime	3	1	November 29, 2017

OAuth Policy to Generate and Validate the oauth JWT Token

AI Suggested topics