Dynamic User Attributes Configured In Resource Server Are Not Included In The OAuth Tokens

(Doc ID 2397600.1)

Last updated on MAY 25, 2018

Applies to:

Oracle Mobile and Social - Version 11.1.2.3.0 and later
Information in this document applies to any platform.

Symptoms



A new OAuth Resource Server was configured with a set of Dynamic Attributes that should be included in the Access Token (or Refresh Token).

When the client receives its tokens, there are no additional attributes in the tokens ...


----------------------

- Reproduced the issue on spreda78 using the hrportal application

- mail is set as a dynamic attribute in the resource server; I log in with user.0,
i.e. dn: uid=user.0,ou=People,dc=oud,dc=oracle,dc=com

This is the access token:

{"expires_in":3600,"token_type":"Bearer","access_token":"eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVC.....text omited ......0NgB0f7so3y3bqZR-BkWlh_SHGbfqT0a2uRQUHZocFCxAEREvpmunrICPw24f6KU75IF5YtayGHMKcS7a7ptmBvDmlrapd-byZU0qEnI"}

Decoded on https://jwt.io/, it contains:

{
"sub": "user.0",
"oracle.oauth.user_origin_id_type": "LDAP_UID",
"oracle.oauth.user_origin_id": "user.0",
"iss": "www.oracle.example.com",
"oracle.oauth.svc_p_n": "OAuthServiceProfile",
"iat": 1517493749,
"oracle.oauth.prn.id_type": "LDAP_UID",
"oracle.oauth.tk_context": "resource_access_tk",
"exp": 1517497349,
"prn": "user.0",
"jti": "78b301d0-a687-4904-b7ec-f6b9d5f3e337",
"oracle.oauth.client_origin_id": "2c3e743ff9884fb5a4a5d0f4d2106356",
"oracle.oauth.scope": "ACMECandidateProfileService.http://spreda78:8005/acme/rest/services/profiles/position",
"user.tenant.name": "DefaultDomain",
"oracle.oauth.id_d_id": "12345678-1234-1234-1234-123456789012"
}

> there is no mail attribute
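
An added example, not part of the Oracle document: a local check that decodes the access token payload and reports which expected dynamic attributes are missing, so the bearer token does not have to be pasted into a web decoder. It assumes the attribute would appear as a top-level claim named after the attribute (here `mail`); the sample token is constructed from a subset of the claims shown above, and the signature is not verified.

```python
import base64
import json


def b64url_decode(segment):
    """Decode a base64url segment, restoring the padding that JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_claims(jwt):
    """Return the payload claims of a compact JWT (signature NOT verified)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    claims = json.loads(b64url_decode(parts[1]))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims


def missing_attributes(token_response, expected):
    """List expected dynamic attributes absent from the access token claims.

    Assumption: each attribute appears as a top-level claim with its own name.
    """
    access_token = json.loads(token_response)["access_token"]
    claims = decode_claims(access_token)
    return [name for name in expected if name not in claims]


def _b64url(obj):
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


# Constructed sample: subset of the claims shown above, dummy signature.
SAMPLE_CLAIMS = {
    "sub": "user.0",
    "iss": "www.oracle.example.com",
    "oracle.oauth.tk_context": "resource_access_tk",
    "user.tenant.name": "DefaultDomain",
}
SAMPLE_TOKEN = ".".join(
    [_b64url({"alg": "RS512", "typ": "JWT"}), _b64url(SAMPLE_CLAIMS), "c2ln"]
)
SAMPLE_RESPONSE = json.dumps(
    {"expires_in": 3600, "token_type": "Bearer", "access_token": SAMPLE_TOKEN}
)

if __name__ == "__main__":
    print(missing_attributes(SAMPLE_RESPONSE, ["mail"]))
```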

Changes

 Configure Dynamic Attributes in Resource Server

Cause
