Remove Access Token Attributes


This topic has 5 replies, 4 voices, and was last updated 4 weeks ago by Scott Heger.

  • #28155
     ray.deng83
    Participant

    Is it possible to remove attributes which I don’t want in the JWT access token for OAuth2?

    For example, here is a list of attributes returned in Access Token:

    {
      "sub": "le-test-client",
      "cts": "OAUTH2_STATELESS_GRANT",
      "auditTrackingId": "97d468d0-0d4b-455a-bb3e-d79bc48ca104-3772",
      "iss": "http://openam.example.com:8080/openam/oauth2/le-test",
      "tokenName": "access_token",
      "token_type": "Bearer",
      "authGrantId": "W7A98A_iz2-80ctdOYEp4-HNMJ0",
      "aud": "le-test-client",
      "nbf": 1596454927,
      "grant_type": "client_credentials",
      "scope": [
        "profile"
      ],
      "auth_time": 1596454927,
      "realm": "/le-test",
      "exp": 1596458527,
      "iat": 1596454927,
      "expires_in": 3600,
      "jti": "dCxV6LAsAzGY3Jnl6y65dm7Si38",
      "uid": [],
      "client_id": "le-test-client"
    }

    Can I remove “cts”, “realm” and so on? Thanks.

    Best,
    Le

    #28156
     Brad Tumy
    Participant

    Ray,

    Take a look at the access token modification script. You should be able to do what you want there.

    Brad

    #28158
     ray.deng83
    Participant

    Yep, the access token modification script has the token.setField function to add/update an attribute, which I can use to mask any attribute that I don’t want to expose. Yet, I’m wondering whether there is a function I can call directly to remove the attribute. I wasn’t able to find that in the docs.

    Best,
    Le

    #28162

    Further to Brad’s answer, please take a look at the API for AccessToken. It’s an interface and a set of methods are available which you could call directly. E.g. removeRealm(). Please do test carefully as changing native fields may result in loss of functionality as mentioned in the API docs.

    Hope this helps!
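
One way to act on the advice above to test carefully, as an added example that is not part of the thread and is not ForgeRock code: decode an issued JWT access token and list the claims that fall outside an allow-list, along with required claims that went missing after the script ran. The allow-list, the required set and the sample tokens are assumptions constructed for illustration, and the signature is not verified.

```python
import base64
import json

# Assumed policy for this example: claims the resource servers actually consume.
ALLOWED_CLAIMS = {"sub", "iss", "aud", "exp", "iat", "nbf", "jti", "scope", "client_id"}
# Assumed minimum set a resource server needs to validate the token.
REQUIRED_CLAIMS = {"iss", "exp"}


def b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the padding that JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def audit_claims(jwt: str) -> dict:
    """Return claims outside the allow-list and required claims that are absent.

    Inspection only: the signature segment is not checked here.
    """
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWS with three segments")
    claims = json.loads(b64url_decode(parts[1]))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    names = set(claims)
    return {
        "unexpected": sorted(names - ALLOWED_CLAIMS),
        "missing": sorted(REQUIRED_CLAIMS - names),
    }


def make_sample(claims: dict) -> str:
    """Build a constructed token with a placeholder signature for the demo."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'HS256', 'typ': 'JWT'})}.{enc(claims)}.placeholder"


# Constructed samples: a subset of the claims from the question, before and
# after a modification script that (by assumption) stripped too much.
BEFORE = {"sub": "le-test-client", "cts": "OAUTH2_STATELESS_GRANT", "realm": "/le-test",
          "iss": "http://openam.example.com:8080/openam/oauth2/le-test",
          "tokenName": "access_token", "exp": 1596458527}
OVER_STRIPPED = {"sub": "le-test-client", "exp": 1596458527}

if __name__ == "__main__":
    print(audit_claims(make_sample(BEFORE)))
    print(audit_claims(make_sample(OVER_STRIPPED)))
```

Running this against a token fetched from a test realm before and after each script change shows both leftover internal fields and fields that were removed by mistake.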

    #28167
     ray.deng83
    Participant

    Got it. API for AccessToken helps. Thanks.

    #28228
     Scott Heger
    Participant

    I gotta ask the question… why do you want to remove those?
