Hi Sachin,
Depending on the version of the OTK Toolkit you are using, you might notice that OTK grant_type=PASSWORD will become read-only in the next release, which means your customization will not work.
As far as we look at the OIDC standard, we do not have an ID token for the password grant type, as the app is verifying on behalf of the user and there is no need to validate the user; but, that said, we had to deploy it for one of our customers.
We achieved this by the following:
1. In the token endpoint, add an expression (NOTE: This will be updated during every OTK upgrade, so you will have to apply this change whenever you upgrade)
------------------------------
Pre-Sales Consultant
CA Southern Africa
------------------------------
Original Message:
Sent: 05-12-2020 01:03 PM
From: Sachin Ghumbre
Subject: OIDC (id_token) with password grant type policy example
Based on a business requirement, we have to implement OIDC with grant type=password. One of the changes I know of is that we have to add password as a supported grant type in the #OTK openid grant_type_supported policy.
Apart from this, in the token endpoint, we have to add the assertions' code specific to id_token generation. So I copied it from the authorization grant type and added/customized it in the OTK grant_type=PASSWORD policy. However, we are getting errors; one of them is "missing or duplicate parameters".
It would be really helpful if we could get already-implemented policy XML files where id_token generation for the password grant type is implemented.
------------------------------
Technology Lead
Infosys Limited
------------------------------