Custom Claim Provider
Writing a custom claim provider¶
The OBClaimProvider
class is an extension that lets you customize and create your own claim provider and add
additional claims to the authorization and/or token responses. You can add any claims according to your open banking
requirements.
com.wso2.openbanking.accelerator.identity.claims.OBClaimProvider
To customize claims, override relevant methods of this class. Given below is a brief description of each method.
getAdditionalClaims method - Authorization response¶
This method lets you add additional claims to the authorization response. Given below is the method signature.
@Override
public Map < String, Object > getAdditionalClaims(OAuthAuthzReqMessageContext authAuthzReqMessageContext,
OAuth2AuthorizeRespDTO authorizeRespDTO)
throws IdentityOAuth2Exception;
Click here to see a sample implementation:
Given below is a sample implementation of the getAdditionalClaims
method. You can add the required claims to a
map and return it as follows:
@Override
public Map < String, Object > getAdditionalClaims(OAuthAuthzReqMessageContext authAuthzReqMessageContext,
OAuth2AuthorizeRespDTO authorizeRespDTO)
throws IdentityOAuth2Exception {
Map < String, Object > claims = new HashMap < > ();
//auth_time claim indicates the time when authentication occurs
claims.put(AUTH_TIME_CLAIM, authAuthzReqMessageContext.getCodeIssuedTime());
return claims;
}
getAdditionalClaims method - Access token response¶
This method lets you add additional claims to the access token response. Given below is the method signature.
@Override
public Map < String, Object > getAdditionalClaims(OAuthTokenReqMessageContext tokenReqMessageContext,
OAuth2AccessTokenRespDTO tokenRespDTO)
throws IdentityOAuth2Exception;
Once implemented, build a JAR file for your custom claim provider and place it in the
<IS_HOME>/repository/components/dropins
directory.
Configuring a custom claim provider¶
- Open the
<IS_HOME>/repository/conf/deployment.toml
file. - Add the following tags and configure your custom claim provider using its Fully Qualified Name (FQN) :
[open_banking.identity.extensions]
claim_provider="com.wso2.openbanking.accelerator.identity.claims.OBDefaultClaimProvider"
Configuring Claims for an Identity Provider¶
Configuring claims for an identity provider involves mapping the claims available in the identity provider to claims that are local to the WSO2 Identity Server. This is done so that the Identity Server can identify the user attributes in the response sent from the identity provider.
For more information, see Configuring Claims for an Identity Provider in WSO2 Identity Server documentation.
Top