In this blog post, let's discuss how you can retrieve the user profile and view the attributes of a user using only the OAuth token in WSO2 Identity Server. I assume the reader is familiar with WSO2 Identity Server; if you need more help, you can follow the documentation at http://docs.wso2.org/wiki/display/IS400/WSO2+Identity+Server+Documentation
1) Edit CARBON_HOME/repository/conf/identity.xml and set the following Enabled element to true. Then start the WSO2 Identity Server.
<AuthorizationContextTokenGeneration>
    <Enabled>true</Enabled>
    <TokenGeneratorImplClass>org.wso2.carbon.identity.oauth2.authcontext.JWTTokenGenerator</TokenGeneratorImplClass>
    <ClaimsRetrieverImplClass>org.wso2.carbon.identity.oauth2.authcontext.DefaultClaimsRetriever</ClaimsRetrieverImplClass>
    <ConsumerDialectURI>http://wso2.org/claims</ConsumerDialectURI>
    <SignatureAlgorithm>SHA256withRSA</SignatureAlgorithm>
    <AuthorizationContextTTL>15</AuthorizationContextTTL>
</AuthorizationContextTokenGeneration>
2) Get the OAuth token. You need the base64-encoded value of client_id:client_secret.
You can use an online service for encoding such as http://www.base64encode.org/ and then issue the following curl command to obtain the access token (make sure you have the correct port in the server URL).
curl -v -X POST -H "Authorization: Basic VE01enNFem9FZG9NRERjVEJjbXRBcWJGdTBFYTpYUU9URExINlBBOHJvUHJfSktrTHhUSTNseGNh" -H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8" -k -d "grant_type=password&username=admin&password=admin" https://localhost:9443/oauth2endpoints/token
3) Now you need to invoke an admin service in the Identity Server. Please follow http://charithaka.blogspot.com/2013/06/invoking-wso2-carbon-admin-services.html on how to invoke admin services using SOAP UI.
We shall now invoke the following service.
https://localhost:9443/services/OAuth2TokenValidationService
Request
Response
Now you will get the authorization context token in the response. It is a JWT: three base64-encoded parts delimited by "." (header, payload and signature). The middle part contains the user profile claims, and you can decode it using http://www.base64decode.org/
<ax2303:tokenString>eyJ0eXAiOiJKV1QiLCJhbGciOiJTSEEyNTZ3aXRoUlNBIiwieDV0IjoiTm1KbU9HVXhNelpsWWpNMlpEUmhOVFpsWVRBMVl6ZGhaVFJpT1dFME5XSTJNMkptT1RjMVpBPT0ifQ==.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.IUpGsH149iJDcn/UWYdGBrAoTNOZiUdI3X7QMXqVt+ss5rOOlDeB5bgz0Q3Y4SKh+H4PBkvlLd0/WAlbuvTi9Zj/G/QupenQpqYKulOFihUMNHiWRUgFT5BvfATVMsvqO/023BFprhdDShuPlpI9pJAEeuvmUiRIBPVVeoj09Ec=</ax2303:tokenString>
<ax2303:tokenType>JWT</ax2303:tokenType>
Following is the output of the decoded value which has the user profile details of the user who generated the OAuth access token.
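As an added example (not part of the original post or of WSO2's code), the following script does offline what the post does with the online decoder: it splits the tokenString into header, payload and signature, decodes the header and the claims, checks that the alg matches the configured SignatureAlgorithm and that exp has not passed, and filters the claims down to the configured ConsumerDialectURI. The sample token is constructed here; the claim URIs, issuer and thumbprint are assumed values, and the signature is a placeholder, so the script does not verify it (that still has to be done against the Identity Server's certificate before the claims are trusted).

```python
import base64
import json
import time

# Constructed sample: the header mirrors the shape shown in the post (typ/alg/x5t),
# the payload carries assumed claims in the http://wso2.org/claims dialect, and the
# signature is a placeholder. Older IS builds emit standard base64 with padding,
# so the parser accepts both the standard and the URL-safe alphabet.
SAMPLE_HEADER = {"typ": "JWT", "alg": "SHA256withRSA", "x5t": "PLACEHOLDER-THUMBPRINT"}
SAMPLE_CLAIMS = {
    "iss": "wso2.org/products/is",                      # assumed issuer value
    "exp": int(time.time()) + 15 * 60,                  # 15 min, as in AuthorizationContextTTL
    "http://wso2.org/claims/username": "admin",
    "http://wso2.org/claims/emailaddress": "admin@example.com",
    "http://wso2.org/claims/role": "admin,Internal/everyone",
}

def b64(obj):
    """Standard base64 (with padding) of a JSON object, as the old generator emits."""
    return base64.b64encode(json.dumps(obj).encode()).decode()

SAMPLE_TOKEN = ".".join([b64(SAMPLE_HEADER), b64(SAMPLE_CLAIMS), "c2lnbmF0dXJl"])

def decode_segment(segment):
    """Decode one JWT segment, tolerating missing padding and either alphabet."""
    segment = segment.replace("-", "+").replace("_", "/")
    segment += "=" * (-len(segment) % 4)
    return json.loads(base64.b64decode(segment))

def parse_context_token(token, expected_alg="SHA256withRSA", now=None):
    """Return (header, claims) for a tokenString value.
    Rejects an unexpected alg (e.g. "none") and an expired exp.
    The signature is NOT verified here; do that before trusting the claims."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated segments")
    header = decode_segment(parts[0])
    if header.get("alg") != expected_alg:
        raise ValueError("unexpected alg: %r" % header.get("alg"))
    claims = decode_segment(parts[1])
    now = time.time() if now is None else now
    if "exp" in claims and claims["exp"] <= now:
        raise ValueError("authorization context token has expired")
    return header, claims

def profile_claims(claims, dialect="http://wso2.org/claims"):
    """Keep only claims under the configured ConsumerDialectURI, keyed by short name."""
    prefix = dialect.rstrip("/") + "/"
    return {k[len(prefix):]: v for k, v in claims.items() if k.startswith(prefix)}

if __name__ == "__main__":
    header, claims = parse_context_token(SAMPLE_TOKEN)
    print(header)
    print(profile_claims(claims))
```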
Thanks, that was very helpful.
Is it possible for WSO2 IS to generate the JWT as the access token? Because then we can avoid another round trip to the WSO2 IS for token validation...
As asked by squanderer, I would be interested in getting back directly the JWT.
Did anyone manage to do it?
Thanks for this article.
As asked by squanderer, and another reader, is it possible to get back directly the JWT? (in a bearer mode)