JWT access_token

  • ccalentier

    (@ccalentier)


    9 years ago

    Hi,
    Is it possible to get an JWT formated access_token (as for id_token)
    The aim is to allow ressource server to validate access token (without authorization server request)
    Regards

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Justin Greer

    (@justingreerbbi)

    9 years ago

    Yes and No…. WP OAuth Server does support OpenID which uses JWT as a return. I say no because this forum is for the version you can download from .org.

    This free version does NOT support JWT’s (OpenID Connect) but the licensed version does.

    Thread Starter ccalentier

    (@ccalentier)

    9 years ago

    Hi Justin,
    Thanks for your feedback.
    The good news is I’ve got the licensed version 🙂
    But the problem is I didn’t find the way to get an access_token with JWT format…
    And the only token I succeeded to collect with JWT format is the id_token.

    Example :
    Request on authorization endpoint :
    https://xxx/oauth/authorize
    ?response_type=id_token token
    &client_id=xxx
    &redirect_uri=https://xxx/callback.html
    &scope=openid email profile
    &state=af0ifjsldkj
    &nonce=n-0S6_WzA2Mj HTTP/1.1

    Collecting access_token and id_token in URL :
    https://xxx/callback.html%20#access_token=08d52de3fce54d2955e926b62232e9b2f907b49e&expires_in=86400&token_type=Bearer&scope=openid+profile&state=af0ifjsldkj&id_token=XXXXXXX

    Could you please tell me how to get an access_token with JWT format?
    – OIDC configuration?
    – Specific parameters when calling authentication endpoint?
    – Other…?

    Regards,

    Cédric

    Plugin Author Justin Greer

    (@justingreerbbi)

    9 years ago

    Hi,

    Please open a ticket at https://wp-oauth.com/support to continue support for the pro version. The short of this is you need to validate the request using id_token and then pull the access token from request.

    When you create a ticket, it will benefit the issue if you provide why you are looking to customize the response outside its original purpose. I will try to be the assignee of the ticket to better help.

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘JWT access_token’ is closed to new replies.