IBM Security Verify

 View Only
Expand all | Collapse all

Include custom claims for API Clients in `/introspection` response from Verify SaaS

  • 1.  Include custom claims for API Clients in `/introspection` response from Verify SaaS

    Posted 30 days ago

    We are using Verify SaaS to manage a number of API clients. Each client has some unique properties that we are contemplating storing in Verify.

    Is there a way to include the values we define under Addition Properties into the `/introspection` response? We're basically looking for a solution similar to what's described in the link below, but we need a solution for Verify SaaS:

    https://community.ibm.com/community/user/security/discussion/oidc-inrospect-customization



    ------------------------------
    Timothy
    ------------------------------


  • 2.  RE: Include custom claims for API Clients in `/introspection` response from Verify SaaS

    Posted 28 days ago

    Hi Timothy,

    This is currently not possible in Verify SaaS. It sounds like what you want is introspect mapping to be available for API clients. Currently it is only available for OIDC applications and is not executed when you perform a client credentials flow https://www.ibm.com/docs/en/security-verify?topic=cssiocoba-openid-connect-introspect-id-token-user-info-mapping 

    I suggest you open a RFE for this if you need it. 



    ------------------------------
    Victor Soon
    ------------------------------

    Original Message