IdToken modification possibility
By: Lukasz Golinski Account Admin 10 Feb 2022 at 9 a.m. CST
Hi,
I would like to ask what are the possibilities of the idToken update during the authentication process. We have two use cases we would like to address.
- we would like to dynamically updated the amr claim in the idToken (currently it is bound to ACR script level property)
- we would like also to be able to change the acr claim (this is required for the FTN Profile Compatibility)
Is there a way to modify it from the person authentication script, or in some other way?
Thank you in advance for the response on that matter.
Answers
By Aliaksandr Samuseu staff 10 Feb 2022 at 10:41 a.m. CST
Hi, Lukasz.
In 4.3 we now have a custom script of "update token" type. It should allow to manipulate any claims of JWT token, including it_token, though I personally haven't tried to update acr or amr claims with it.
@Yuriy.Zabrovarnyy , should this be possible with this kind of script?
By Aliaksandr Samuseu staff 10 Feb 2022 at 10:44 a.m. CST
This if for OpenBanking platform, but seems like the code is the same, or similar enough, and it shows how you can change values of some claims: https://gluu.org/docs/openbanking/1.0.0/scripts/update-token/
By Yuriy Zabrovarnyy staff 10 Feb 2022 at 11:04 a.m. CST
Yes, it's true with UpdateTokenType you have full access (CRUD) to ID Token claims.
By Aliaksandr Samuseu staff 10 Feb 2022 at 11:06 a.m. CST
Thanks, Yuriy.
Lukasz, could you give it a try, and let us know how it goes?
By Lukasz Golinski Account Admin 11 Feb 2022 at 3:49 a.m. CST
This approach works fine. This is what we were looking for.
Thank you.
By Aliaksandr Samuseu staff 11 Feb 2022 at 9:40 a.m. CST
You're welcome, glad it helped. Closing the ticket then.
Post an answer
Warning
I have detected that you have been inactive for 10 minutes.
I got sleepy so I've taken a nap!
