By: Lukasz Golinski named 10 Feb 2022 at 9 a.m. CST

6 Responses
Hi, I would like to ask what the possibilities are for updating the idToken during the authentication process. We have two use cases we would like to address:

* we would like to dynamically update the amr claim in the idToken (currently it is bound to the ACR script level property)
* we would also like to be able to change the acr claim (this is required for the FTN Profile Compatibility)

Is there a way to modify it from the person authentication script, or in some other way? Thank you in advance for the response on that matter.

By Aliaksandr Samuseu staff 10 Feb 2022 at 10:41 a.m. CST

Hi, Lukasz. In 4.3 we now have a custom script of the "update token" type. It should allow manipulating any claims of a JWT token, including id_token, though I personally haven't tried to update `acr` or `amr` claims with it. @Yuriy.Zabrovarnyy, should this be possible with this kind of script?

By Aliaksandr Samuseu staff 10 Feb 2022 at 10:44 a.m. CST

This is for the OpenBanking platform, but it seems like the code is the same, or similar enough, and it shows how you can change the values of some claims: https://gluu.org/docs/openbanking/1.0.0/scripts/update-token/

By Yuriy Zabrovarnyy staff 10 Feb 2022 at 11:04 a.m. CST

Yes, it's true: with `UpdateTokenType` you have full access (CRUD) to ID Token claims.

By Aliaksandr Samuseu staff 10 Feb 2022 at 11:06 a.m. CST

Thanks, Yuriy. Lukasz, could you give it a try, and let us know how it goes?

By Lukasz Golinski named 11 Feb 2022 at 3:49 a.m. CST

This approach works fine. This is what we were looking for. Thank you.

By Aliaksandr Samuseu staff 11 Feb 2022 at 9:40 a.m. CST

You're welcome, glad it helped. Closing the ticket then.