Hi Dirk,
The ID Token will contain the ClientID in the "aud" claim attribute (see example below). The ClientID can be customized and renamed to a more user-friendly name in the OIDC client configuration screen in the Admin UI.
If you need to, you can also use the Custom Claims plugin API to set additional claims based on the "aud" claim value.
Let me know if this helps.
Below is an IDToken example:
{
  "sub": "user1",
  "aud": "a9e8418f-5954-4142-aff6-5e0e3003774c",
  "auth_time": 1571323296,
  "iss": "https://<hostname>/affwebservices/CASSO/oidc/test",
  "exp": 1571323709,
  "iat": 1571323409
}
Original Message:
Sent: 09-30-2019 11:11 AM
From: Dirk Woywode
Subject: OIDC Custom Claims Plug-in
Hi all,
I got a request from a client to include the name of the calling application as a claim in the token during OIDC authentication. Looking at the Custom Claims plugin API, I would have to access some session context to retrieve information about the calling client application. However, it seems to me that there is no API that gives access to this context information. Is there any way to fulfill the requirement?
The only option I see at the moment is to pass this name as a parameter to the plugin. But this would require creating a provider for each client, which doesn't seem very scalable.
Any thoughts are welcome.
Best regards,
Dirk
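
Added example (not part of the original thread, and not the Custom Claims plugin API): one way a token consumer could resolve the calling application from the "aud" claim discussed above, using the claim values from the ID token example. The CLIENT_NAMES registry, the "hr-portal" name and the function name are assumptions made for illustration, and the claims are assumed to come from a token whose signature was already verified.

```python
import time

# Constructed registry: client ID -> friendly application name (hypothetical).
CLIENT_NAMES = {"a9e8418f-5954-4142-aff6-5e0e3003774c": "hr-portal"}
# Claim values copied from the ID token example in the thread.
SAMPLE_CLAIMS = {
    "sub": "user1",
    "aud": "a9e8418f-5954-4142-aff6-5e0e3003774c",
    "auth_time": 1571323296,
    "iss": "https://<hostname>/affwebservices/CASSO/oidc/test",
    "exp": 1571323709,
    "iat": 1571323409,
}


class ClaimError(ValueError):
    """Raised when the claims cannot be tied to exactly one known client."""


def calling_application(claims, client_names, expected_iss, now=None):
    """Return the friendly name of the client the ID token was issued to."""
    now = time.time() if now is None else now
    if claims.get("iss") != expected_iss:
        raise ClaimError("unexpected issuer")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now >= exp:
        raise ClaimError("token expired or exp missing")
    # OIDC Core allows "aud" to be a single string or an array of strings.
    aud = claims.get("aud")
    if isinstance(aud, str):
        audiences = [aud]
    elif isinstance(aud, list):
        audiences = aud
    else:
        audiences = []
    if not audiences or not all(isinstance(a, str) for a in audiences):
        raise ClaimError("aud missing or malformed")
    if len(audiences) == 1:
        client_id = audiences[0]
    else:
        # With several audiences, "azp" names the party the token was issued to.
        client_id = claims.get("azp")
        if client_id not in audiences:
            raise ClaimError("multiple audiences without a matching azp")
    if client_id not in client_names:
        raise ClaimError("aud does not match a registered client")
    return client_names[client_id]
```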