Skip to content

unwanted "upd" claim in JWT - Oracle IDCS/IAM Domains having problems  #5151

New issue
New issue
Open
#9640
Open
unwanted "upd" claim in JWT - Oracle IDCS/IAM Domains having problems #5151
#9640
Labels
2.xIssues for 2.x version branchP4enhancementNew feature or requestsecurity
@FWiesner

Description

@FWiesner
FWiesner
opened on Oct 11, 2022

helidon/security/jwt/src/main/java/io/helidon/security/jwt/Jwt.java

Lines 273 to 275 in 84123e8

this.userPrincipal = JwtUtil.getString(payloadJson, "upn")
.or(() -> preferredUsername)
.or(() -> subject);

These lines enforce that a JWT contains the claim upd. Unfortunately it is impossible to suppress this behavior. When you look at https://docs.oracle.com/en/cloud/paas/identity-cloud/rest-api/ClientAssertion.html, you see JWTs that Oracle IDCS/IAM Domains would expect. With the lines above the request will always fail as extra/unexpected claims lead to rejection

Metadata

Metadata

Assignees

No one assigned

    Labels

    2.xIssues for 2.x version branchP4enhancementNew feature or requestsecurity

    Type

    No type

    Projects

    Backlog

    Status

    Low priority

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions