
Configure an OpenID Connect Provider to accept JSON Web Tokens (JWT) for authorization grants

You can configure a Liberty profile server that acts as an OpenID Connect Provider to accept a JSON Web Token (JWT) in exchange for an access token.

To do so, enable the openidConnectServer-1.0 and ssl-1.0 features of the Liberty profile and, optionally, supply additional configuration information.

  1. Ensure the ssl-1.0 and openidConnectServer-1.0 features are included in the feature manifest in server.xml.
    <featureManager>
        <feature>ssl-1.0</feature>
        <feature>openidConnectServer-1.0</feature>
    </featureManager>

  2. Optional: Configure a jwtGrantType element inside the appropriate oauthProvider element. If no jwtGrantType element is included, the default values are used for all attributes. For example:
    <oauthProvider id="OAuthConfigSample" ...>
        <jwtGrantType clockSkew="5m" iatRequired="false" tokenMaxLifetime="120m" maxJtiCacheSize="10000"/>
        ...
    </oauthProvider>

    For more JWT configuration options, see the section for the jwtGrantType element in the Configuration elements in server.xml topic.
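
The following is an added illustration, not Liberty's code and not part of the original topic, of how time and replay checks in the style of RFC 7523 relate to the four attributes in the sample above. The attribute semantics are assumed from their names, the function and constant names are hypothetical, and the claims are assumed to come from a JWT whose signature has already been verified.

```python
import time
from collections import OrderedDict

# Values from the jwtGrantType sample above, converted to seconds.
CLOCK_SKEW = 5 * 60             # clockSkew="5m"
IAT_REQUIRED = False            # iatRequired="false"
TOKEN_MAX_LIFETIME = 120 * 60   # tokenMaxLifetime="120m"
MAX_JTI_CACHE_SIZE = 10000      # maxJtiCacheSize="10000"

_seen_jti = OrderedDict()       # jti -> exp, oldest entry first


def check_jwt_grant_claims(claims, now=None):
    """Return (accepted, reason) for claims of a signature-verified JWT.

    Assumed semantics, for illustration only: exp and iat are compared
    with the local clock within CLOCK_SKEW, exp may be at most
    TOKEN_MAX_LIFETIME after iat (or after now when iat is absent),
    and a jti is accepted only once while it is still in the cache.
    """
    now = time.time() if now is None else now
    exp, iat, jti = claims.get("exp"), claims.get("iat"), claims.get("jti")

    if not isinstance(exp, (int, float)):
        return False, "exp missing"
    if exp + CLOCK_SKEW < now:
        return False, "expired"
    if iat is None:
        if IAT_REQUIRED:
            return False, "iat required"
        issued = now
    else:
        if iat - CLOCK_SKEW > now:
            return False, "iat in the future"
        issued = iat
    if exp - issued > TOKEN_MAX_LIFETIME:
        return False, "lifetime too long"
    if jti is not None:
        if jti in _seen_jti:
            return False, "jti replayed"
        _seen_jti[jti] = exp
        while len(_seen_jti) > MAX_JTI_CACHE_SIZE:
            _seen_jti.popitem(last=False)  # bounded cache: evict oldest
    return True, "ok"
```

Because the replay cache is bounded, a jti evicted from it is no longer recognized, so the cache size should be chosen with the maximum token lifetime and expected request rate in mind.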

