Retrieving JWT Token with Claim
When you retrieve a JWT token for a particular application, the application is authenticated using the application identifiers provided in the request, such as, APIKey, Username, or Host name, and then a token is generated with application ID as a subject.
For example, consider multiple developers using an application to retrieve an access token. In such a scenario, each user can have a claim that can be used to identify the user who made a particular transaction.
Before you begin:
You must configure
API Gateway as a JWT issuer. If it is not set as a JWT issuer, you can configure it by navigating to
Administration > Security > JWT/OAuth/OpenID > JWT Configuration in
API Gateway.
You must have an application.
To retrieve a JWT token with claim 1. Open your REST client.
2. Make a POST call to the following URL, with the hostname of the system where API Gateway is installed in place of localhost:
http://localhost:5555/gateway/security/getJsonWebToken
3. Copy the API access key of the application present uder the Application details section.
4. Pass the access key as an endpoint in the REST client.
5. Provide your claim identifiers in the Request section:
{ "claimsSet": { "identifier": "value"} }
For example,
{ "claimsSet": { "name": "username", "company": "organization" } }
Note:
Before invoking this service, ensure that the authorization server is configured and the scope mapping is done.
The access token is displayed in the Response section. The subject claim of the token generated by making a POST call is the ID of the identified application.
The subject claim of the token generated is the application ID. The audience is the value configured in the authorization server preceded with the application ID. The issuer is the values configured in the authorization server.