-
Notifications
You must be signed in to change notification settings - Fork 0
Backend App
Alexander Koglin edited this page Oct 18, 2016
·
1 revision
The WSO2 API Manager does not seem to be standardized. The default "Authorization" Header is named "X-JWT-Assertion" for the JWT Token. In addition the expiry date is always set to the date of creation and it is not possible to use signatures.
TODO: We already get the token and parse it into a Map<String, Object> at JwtAuthenticationTokenFilter.java. These fields need to be connected to the user class. (example)
Before creating an API you have to enable the usage of JWT in <APIM_HOME>/repository/conf/api-manager.xml by uncommenting following line: <EnableTokenGeneration>true</EnableTokenGeneration>
More detailed information can be found here: Passing Enduser Attributes to the Backend Using JWT