Configuring an OpenID Connect Provider to accept JSON Web Tokens (JWT) for authorization grants

You can configure a Liberty server that acts as an OpenID Connect Provider to accept a JSON Web Token in exchange for an access token.

About this task

To accept JSON Web Tokens, enable the openidConnectServer-1.0 and ssl-1.0 features on the Liberty server that acts as the OpenID Connect Provider. Other configuration is optional.

Procedure

  1. Ensure the ssl-1.0 and openidConnectServer-1.0 features are included in the feature manifest in the server.xml file.
    <featureManager>
        <feature>ssl-1.0</feature>
        <feature>openidConnectServer-1.0</feature>
    </featureManager>
  2. Optional: Configure a jwtGrantType element inside the appropriate oauthProvider element. If no jwtGrantType element is included, the default values for all attributes are used. For example:
    <oauthProvider id="OAuthConfigSample" ...>
        <jwtGrantType clockSkew="5m" iatRequired="false" tokenMaxLifetime="120m" maxJtiCacheSize="10000"/>
        ...
    </oauthProvider>

    For more JWT configuration options, see the section for the jwtGrantType element in the OpenID Connect Provider topic.
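
An added example, not IBM's or Liberty's code: a Python model of how the four jwtGrantType attributes shown above could bound which tokens are accepted. The check semantics follow the exp, iat and jti processing rules of RFC 7523 and are assumptions about these attributes, as are the name JwtGrantPolicy and the constructed sample claims.

```python
import time
from collections import OrderedDict

class JwtGrantPolicy:
    """Model of the four jwtGrantType attributes; semantics are assumed."""

    def __init__(self, clock_skew=300, iat_required=False,
                 token_max_lifetime=7200, max_jti_cache_size=10000):
        self.clock_skew = clock_skew                  # clockSkew="5m"
        self.iat_required = iat_required              # iatRequired="false"
        self.token_max_lifetime = token_max_lifetime  # tokenMaxLifetime="120m"
        self.max_jti_cache_size = max_jti_cache_size  # maxJtiCacheSize="10000"
        self._seen = OrderedDict()                    # (iss, jti) -> exp

    def check(self, claims, now=None):
        now = time.time() if now is None else now
        exp, iat, jti = claims.get("exp"), claims.get("iat"), claims.get("jti")
        if exp is None:
            return "reject: exp missing"
        if exp + self.clock_skew <= now:
            return "reject: expired"
        if iat is None:
            if self.iat_required:
                return "reject: iat missing"
        elif iat - self.clock_skew > now:
            return "reject: iat in the future"
        elif now - iat > self.token_max_lifetime + self.clock_skew:
            return "reject: older than tokenMaxLifetime"
        if jti is not None:
            key = (claims.get("iss"), jti)
            if key in self._seen:
                return "reject: jti replay"
            self._seen[key] = exp
            # Bounded cache: once the oldest entry is evicted, its jti is
            # forgotten, so size the cache for the peak number of live tokens.
            while len(self._seen) > self.max_jti_cache_size:
                self._seen.popitem(last=False)
        return "accept"

def demo(now=1_700_000_000):
    """Run constructed sample claims through the default policy."""
    policy = JwtGrantPolicy()
    token = {"iss": "client01", "exp": now + 60, "iat": now - 10, "jti": "n-1"}
    return [
        policy.check(token, now),                                  # first use
        policy.check(token, now),                                  # same jti again
        policy.check({"iss": "client01", "exp": now - 301}, now),  # past exp + skew
        policy.check({"iss": "client01", "exp": now + 60,
                      "iat": now - 7501}, now),                    # iat too old
    ]
```

In this model, a token without an iat claim skips the tokenMaxLifetime check unless iat_required is set, which is the practical difference between iatRequired="false" and iatRequired="true".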


Last updated: Monday, 5 December 2016