
get user profile information in gateway JWT generator WSO2 apim


I fail to pass the user's profile info to the backend.

Firstly I read this and I've extended the JWTGenerator and the ClaimsRetriever with the aim of getting the user info. The problem is that these classes are never called, because my API calls don't use an opaque token. So I've tried to get the user profile info from the CustomGatewayGenerator, but I failed (I can't extract it from the JWTInfoDto argument). What can I do to use the JWT generator instead of the gateway's one, or can I get the user profile info from the gateway generator?

Here I put some specific info:
This is the relevant part of my deployment.toml:

[apim.jwt]
enable = true
generator_impl = "org.wso2.carbon.test.CustomTokenGenerator"
enable_user_claims = true
claims_extractor_impl="org.wso2.carbon.test.CustomGatewayJWTGenerator"


[apim.jwt.gateway_generator]
impl = "org.wso2.carbon.test.CustomGatewayJWTGenerator"

This is my CustomTokenGenerator class (I followed this article to learn how to get user profile info):

import java.util.LinkedHashMap;
import java.util.Map;
import java.util.SortedMap;

// WSO2 package paths below are assumed (APIM 3.x layout); check them against the installed version.
import org.wso2.carbon.apimgt.api.APIManagementException;
import org.wso2.carbon.apimgt.impl.token.ClaimsRetriever;
import org.wso2.carbon.apimgt.keymgt.service.TokenValidationContext;
import org.wso2.carbon.apimgt.keymgt.token.JWTGenerator;

public class CustomTokenGenerator extends JWTGenerator {

    // Standard claims are deliberately left empty here; only the user-profile claims below are emitted.
    @Override
    public Map<String, String> populateStandardClaims(TokenValidationContext validationContext)
            throws APIManagementException {
        Map<String, String> claims = new LinkedHashMap<>(20);
        return claims;
    }

    // Look up the end user's profile claims through the configured ClaimsRetriever.
    @Override
    public Map<String, String> populateCustomClaims(TokenValidationContext tokenValidationContext)
            throws APIManagementException {
        ClaimsRetriever claimsRetriever = this.getClaimsRetriever();
        String tenantAwareUserName = tokenValidationContext.getValidationInfoDTO().getEndUserName();
        SortedMap<String, String> map = claimsRetriever.getClaims(tenantAwareUserName);
        return map;
    }
}

My problem is that the CustomTokenGenerator class is never called, and from the CustomGatewayGenerator I can't get the info of the user's profile.

Thanks in advance!


Solution

  • Ok, I've resolved the problem. To return the profile info it is sufficient to add the corresponding claims to the service provider (https://localhost:9443/carbon), update the openid scope with the claims that you need and then make the API request using the auth code obtained by this request:

    curl -k -d "grant_type=password&username=<USERNAME>&password=<PASSWORD>&scope=openid" -H "Authorization: Basic <BASE64 ENCODED CONSUMER_KEY:CONSUMER_SECRET>" -H "Content-Type: application/x-www-form-urlencoded" https://<GATEWAY_HOSTNAME>:<PORT>/token
    

    From my experience the JWT token passed to the backend has the basic claims plus the intersection of the claims of the service provider and the claims inserted in the openid scope. You also have to edit the deployment.toml file:

    [apim.jwt]
    enable = true
    enable_user_claims = true
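
    As an added check (example code, not part of the answer above or of WSO2), the following Python snippet decodes the payload of the JWT the gateway forwards and reports which of the expected user claims are missing, using the intersection rule described above. The claim URIs and the sample token are constructed for the example; the backend must still verify the JWT signature against the gateway certificate before trusting any claim.

```python
import base64
import json

# Constructed sample configuration: claims mapped on the service provider and
# claims added to the openid scope (WSO2 claim-dialect URIs).
SP_CLAIMS = {
    "http://wso2.org/claims/givenname",
    "http://wso2.org/claims/lastname",
    "http://wso2.org/claims/emailaddress",
}
OPENID_SCOPE_CLAIMS = {
    "http://wso2.org/claims/givenname",
    "http://wso2.org/claims/emailaddress",
    "http://wso2.org/claims/mobile",
}


def expected_user_claims(service_provider_claims, openid_scope_claims):
    """Per the answer above, the backend JWT carries the intersection of the
    claims mapped on the service provider and the claims in the openid scope."""
    return set(service_provider_claims) & set(openid_scope_claims)


def decode_jwt_payload(token):
    """Base64url-decode the payload segment of a compact JWT.
    This does NOT verify the signature; do that against the gateway's public
    certificate before acting on any claim."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected 3 dot-separated segments)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def missing_user_claims(token, service_provider_claims, openid_scope_claims):
    """Return the expected user claims absent from the JWT (empty set means OK)."""
    present = set(decode_jwt_payload(token))
    return expected_user_claims(service_provider_claims, openid_scope_claims) - present


def build_sample_jwt(claims):
    """Constructed sample token: header + payload + dummy signature segment, so
    the shape matches what the gateway puts in its JWT header (real ones are signed)."""
    def b64(obj):
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).decode().rstrip("=")
    return b64({"alg": "RS256", "typ": "JWT"}) + "." + b64(claims) + ".dummysig"


if __name__ == "__main__":
    tok = build_sample_jwt({"sub": "alice", "http://wso2.org/claims/givenname": "Alice"})
    print("missing:", missing_user_claims(tok, SP_CLAIMS, OPENID_SCOPE_CLAIMS))
```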