By: Sean Kelly user 24 Aug 2020 at 12:09 a.m. CDT

11 Responses
I want to add extra name value pairs to the JWT payload that I retrieve when using the client_credentials flow. I'd like to add things to the client and retrieve them such as alternative IDs. Is this possible?

```
{
  "aud": "884d8d",
  "sub": "LXb__8HFr2",
  "x5t#S256": "",
  "scope": [ "user_name" ],
  "iss": "https://",
  "token_type": "bearer",
  "exp": 1598238971,
  "iat": 1598238671,
  "client_id": "884d",
  "alternative_id": "12698369" // Such as this, that I can store against the client in the AS
}
```

By Mohit Mali staff 24 Aug 2020 at 1:13 a.m. CDT

Hi Sean,

You can do the custom claim in OIDC flow by following this document: https://gluu.org/docs/gluu-server/4.0/admin-guide/attribute/#custom-attributes

1. Add attribute to LDAP schema
2. Add this attribute to LDAP objectclass
3. Register Attribute in oxTrust
4. Create a custom scope
5. Add Attribute to custom scope
6. Release scope to OpenID Client

Thanks and Regards
Mohit Mali

By Sean Kelly user 24 Aug 2020 at 3:48 p.m. CDT

Awesome thanks, how do you do step 6? Release scope to OpenID Client? Thanks!

By Sean Kelly user 24 Aug 2020 at 4 p.m. CDT

Also, where can I edit the value of the new attribute for each client?

By Sean Kelly user 24 Aug 2020 at 4:14 p.m. CDT

How would I do this with the Client Name?

By Sean Kelly user 25 Aug 2020 at 12:41 a.m. CDT

I'm really struggling with this. Can you actually return claims when getting the JWT for the client? Or only when getting the JWT for a user?

By Sean Kelly user 25 Aug 2020 at 3:46 a.m. CDT

Spent about 8 hours trying to get this to work today. Not really sure how to do it.

By Mohit Mali staff 25 Aug 2020 at 4:12 a.m. CDT

Hi Sean Kelly,

OK, now please let me know the current status: what you have done or tried so far, and at which step you are stuck.

Thanks and Regards
Mohit Mali

By Sean Kelly user 25 Aug 2020 at 4:18 a.m. CDT

For now I'm just trying to get the client's display name in Gluu to be returned. I can't find anything documented. I tried using introspection scripts, but am not having too much luck finding the right object. I tried going through all the screens in Gluu looking for the right thing to click on. I read and reread the documentation. I couldn't find a way. Also, I couldn't find any mention of "Release scope to OpenID Client" documented; not sure what it means in this context?

By Mohit Mali staff 25 Aug 2020 at 5:05 a.m. CDT

Hi Sean Kelly,

You need to create a scope. To create the scope, do the following.

```
1) Inside oxTrust admin go to
2) OpenIDConnect -> scope
3) click on add scope
4) enter scope name and select scope type to OpenID
5) select claims in this section search for your custom attribute.
6) click on add to create scope
```

To release the scope to the OpenID client, do the following:

```
1) Inside oxTrust admin go to
2) OpenIDConnect -> client
3) select your client or create new
4) click on scope and select your custom scope you created earlier.
```

Thanks and Regards
Mohit Mali

By Sean Kelly user 25 Aug 2020 at 5:08 a.m. CDT

Thanks. I've done that but I don't get any additional name value pairs in the client token. Does it only work for user tokens?

By Mohit Mali staff 26 Aug 2020 at 4:28 a.m. CDT

Hi Sean,

I'm still not sure what he means by client JWT. Did you mean the id_token returned from the Token Endpoint with grant_type=client_credentials?

Thanks and regards
Mohit Mali