Grant Handlers

The WSO2 Identity Server provides OAuth Grant Handlers that are useful when you want to support an OAuth flow that is different from standard grant types. They validate the grant, scopes, and access delegation. For more information, see Identity Server documentation.

The following Grant Handlers in WSO2 Open Banking Accelerator are based on OAuth Grant Handlers. They let you modify the token response and define a data publishing logic for token related data.


This is an authorization code grant handler.



This is a client credentials grant handler.



This is a password grant handler.



This is a refresh grant handler.



When overriding the above Grant Handlers, do not override the issue method with the following method signature.

public OAuth2AccessTokenRespDTO issue(OAuthTokenReqMessageContext tokReqMsgCtx) throws IdentityOAuth2Exception;

Instead of overriding the issue method, use the executeInitialStep and publishUserAccessTokenData methods to cater to your requirements. Given below is a brief explanation of the methods you can use in the above Grant Handlers:

executeInitialStep method

This method lets you modify the token response and add any additional claims. Given below is the method signature.

public void executeInitialStep(OAuth2AccessTokenRespDTO oAuth2AccessTokenRespDTO, OAuthTokenReqMessageContext tokReqMsgCtx);

publishUserAccessTokenData method

This method lets you add a data publishing logic. Given below is the method signature.

public void publishUserAccessTokenData(OAuth2AccessTokenRespDTO oAuth2AccessTokenRespDTO);