wso2 / product-microgateway

Choreo Connect is a cloud-native, open-source, and developer-centric API gateway.
https://wso2.com/choreo/choreo-connect/
Apache License 2.0

Custom claim mapping for oauth jwt fails in APIM mode #2376

Closed suksw closed 2 years ago

suksw commented 2 years ago

Description:

$subject

Steps to reproduce:

  1. Add the claim mapping via admin portal -> Key Managers -> Resident Key Managers

     remote claim - foo
     local claim - bar

  2. Create a valid signed (using keys similar to apim resident key manager) jwt with the claim "foo"

  3. Invoke the API from Devportal

  4. Read and decode the jwt received at the backend and check if the claim key foo has been renamed to bar

Claim mapping arrives at the adapter but the jwt claim received at the backend still has the remote claim.

suksw commented 2 years ago

Closing since we only support custom claim mapping for downstream requests (mapping done before validating the key at enforcer), and we support adding them via config.toml which successfully does the claim mapping. https://apim.docs.wso2.com/en/latest/deploy-and-publish/deploy-on-gateway/choreo-connect/support-custom-claims-mapping/
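
Step 4 of the reproduction steps above (decode the JWT that reached the backend and see whether `foo` was renamed to `bar`) can be checked with a short script. This is an added example, not part of the original issue or the Choreo Connect code base; the function names and the sample tokens are constructed for illustration, and the signature is deliberately not verified because the script only inspects which claim key arrived.

```python
import base64
import json


def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_payload(token: str) -> dict:
    """Return the claims of a compact JWS without verifying the signature.

    Inspection only: unverified claims must never drive authorization."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    claims = json.loads(b64url_decode(parts[1]))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims


def mapping_status(token: str, remote: str, local: str) -> str:
    """Classify whether the remote claim key was renamed to the local one."""
    claims = decode_payload(token)
    has_remote, has_local = remote in claims, local in claims
    if has_local and not has_remote:
        return "mapped"
    if has_remote and not has_local:
        return "unmapped"  # the behaviour reported in this issue
    if has_remote and has_local:
        return "both-present"
    return "claim-missing"


def make_sample(claims: dict) -> str:
    # Constructed test token with a placeholder signature, not a real gateway JWT.
    def enc(obj: dict) -> str:
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.c2ln"


if __name__ == "__main__":
    for sample in ({"sub": "admin", "foo": "v"}, {"sub": "admin", "bar": "v"}):
        print(sample, "->", mapping_status(make_sample(sample), "foo", "bar"))
```

A result of `unmapped` for the backend token matches what the issue reports; `mapped` is the expected result when the mapping has been applied.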