Customize OAuth tokens by updating the sample PreTokenGeneration mapping rule
You can customize the format of the tokens that are issued by your OAuth definition by modifying the sample PreTokenGeneration mapping rule. Enable the PreTokenGeneration mapping rule on the appliance by setting the variable enable_custom_tokens to true.
When custom token formats are used, the tokens must remain unique. Otherwise, users might become authenticated with another user's credential. For this reason, IBM recommends that custom tokens always contain a nonce of reasonable entropy.
To customize the authorization code, insert a context attribute into the STSUU with the type...
"urn:ibm:ITFIM:oauth20:custom:token"
...and the name...
"urn:ibm:ITFIM:oauth20:custom:token:authorization_code"
The provided value will be used as the authorization code if an authorization code would have been issued in this request.
To customize the access token, insert a context attribute into the STSUU with the type...
"urn:ibm:ITFIM:oauth20:custom:token"
...and the name...
"urn:ibm:ITFIM:oauth20:custom:token:access_token"
The provided value will be used as the access token if an access token would have been issued as part of this request.
To customize the refresh token, insert a context attribute into the STSUU with the type...
"urn:ibm:ITFIM:oauth20:custom:token"
...and the name...
"urn:ibm:ITFIM:oauth20:custom:token:refresh_token"
The provided value will be used as the refresh token if a refresh token would have been issued as part of this request.
To customize the device code, insert a context attribute into the STSUU with the type...
"urn:ibm:ITFIM:oauth20:custom:token"
...and the name...
"urn:ibm:ITFIM:oauth20:custom:token:device_code"
The provided value will be used as the device_code in the device flow.
To customize the user code, insert a context attribute into the STSUU with the type...
"urn:ibm:ITFIM:oauth20:custom:token"
...and the name...
"urn:ibm:ITFIM:oauth20:custom:token:user_code"
The provided value will be used as the user_code in the device flow. Customizing the user_code is particularly important, because the end user is required to key it into a user agent, potentially on a mobile device, where entering long strings can be cumbersome. An out-of-the-box example is configured by default to make the format of the user code xxxx-xxxx.
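The following sketch is an added example, not IBM's sample mapping rule: it builds custom values that each carry a 128-bit random nonce, plus a user code in the xxxx-xxxx format, and attaches them under the type and names listed above. It runs under Node.js; `FakeStsuu`, `customToken`, `userCode`, `applyCustomTokens`, the `prefix` argument and the user-code alphabet are assumptions for illustration, and a real rule would use the appliance's own STSUU object and random source.

```javascript
// Added example for Node.js. FakeStsuu is a stand-in, not the product's STSUU class.
const nodeCrypto = require("crypto");

const TOKEN_TYPE = "urn:ibm:ITFIM:oauth20:custom:token";
const TOKEN_KINDS = ["authorization_code", "access_token", "refresh_token", "device_code"];

// Constructed alphabet without 0/O/1/I/L, so codes are easier to key in on a phone.
const USER_CODE_ALPHABET = "ABCDEFGHJKMNPQRSTUVWXYZ23456789";

// Custom token = readable prefix + 128-bit CSPRNG nonce (hex).
// The nonce, not the prefix, is what keeps each issued value unique.
function customToken(prefix) {
  return prefix + "." + nodeCrypto.randomBytes(16).toString("hex");
}

// User code in the xxxx-xxxx shape; randomInt picks indexes without modulo bias.
function userCode() {
  let out = "";
  for (let i = 0; i < 8; i++) {
    if (i === 4) out += "-";
    out += USER_CODE_ALPHABET[nodeCrypto.randomInt(USER_CODE_ALPHABET.length)];
  }
  return out;
}

// Minimal stand-in (assumption) that records context attributes as plain objects.
class FakeStsuu {
  constructor() {
    this.contextAttributes = [];
  }
  addContextAttribute(name, type, value) {
    this.contextAttributes.push({ name, type, value });
  }
}

// Adds one context attribute per token kind, all under the shared custom-token type.
function applyCustomTokens(stsuu, prefix) {
  for (const kind of TOKEN_KINDS) {
    stsuu.addContextAttribute(TOKEN_TYPE + ":" + kind, TOKEN_TYPE, customToken(prefix));
  }
  stsuu.addContextAttribute(TOKEN_TYPE + ":user_code", TOKEN_TYPE, userCode());
  return stsuu;
}

// Constructed sample run: print the attributes a request would receive.
console.log(applyCustomTokens(new FakeStsuu(), "demo").contextAttributes);
```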