Hello Kirill
it's as simple as add a section in the post token mapping rule for request type introspect...
for example the following section at the end of the post token map rule
if(request_type == "introspect") {
stsuu.addContextAttribute(new Attribute("cippo", "urn:ibm:names:ITFIM:oauth:response:attribute", "lippo"));
}
will add the "cippo" attribute with fixed value when doing introspect
{
"scope": "openid email",
"active": true,
"token_type": "bearer",
"exp": 1594628440,
"cippo": "lippo",
"iat": 1594624930,
"client_id": "client-9060",
"username": "pippo"
}
of course you need to have the same logic as above article to retrieve the proper attributes/values
------------------------------
Gianluca Gargaro
IBM
Roma
------------------------------
Original Message:
Sent: Fri July 10, 2020 06:57 AM
From: Kirill N
Subject: OIDC inrospect customization
Hello,
We need to get custom atributes on /introspect endpoint. Something like "employeetype","mail".
I can add atributes to /token and /userinfo endpoint, like there: https://community.ibm.com/community/user/security/blogs/javier-arjona-sanchez1/2019/06/04/isam-oidc-custom-scopes-and-custom-claims
But don`t understand, how do it on /introspect.
Anyone can help?
------------------------------
Kirill N
------------------------------