Layer7 API Management

  • 1.  Need help regarding the JWT ID Token

    Posted May 15, 2020 11:43 AM
    Hi,

    I have a business requirement where I need to use OpenID with OAuth 2.0. So I was able to generate a JWT ID Token, JWT Access Token and a refresh token post authenticating the end user. Then I am sending the JWT ID, JWT Access and the refresh token back to the client application as a successful response.

    But here I am a bit confused. So during the actual service request, will the client application send the Gateway both the JWT Access Token (part of OAuth 2.0 validation) and the JWT ID Token (part of OpenID)? Or will only the JWT Access Token be sent with the service request for validation? I am not very aware of the exact industry protocol regarding this.

    If the client is supposed to send the JWT ID token as well, how (what are the policies/assertions) do I validate that in the Gateway?

    Please help me out on these 2 queries.

    ------------------------------
    Thanks and Regards,
    Rohan Sinha
    [Technology Analyst]
    [Infosys Limited]
    ------------------------------


  • 2.  RE: Need help regarding the JWT ID Token
    Best Answer

    Broadcom Employee
    Posted Jun 01, 2020 11:24 AM
    Hello,

    It is the JWT access_token that is used for accessing services on the resource server.