Merge pull request #4718 from shashimalcse/jwt-claims

Add access toke attributes docs
wso2 · Nov 13, 2024 · 08dcd92 · 08dcd92
2 parents b4f5f75 + c611173
commit 08dcd92
Show file tree

Hide file tree

Showing 10 changed files with 25 additions and 46 deletions.
diff --git a/...tity-server/7.0.0/docs/guides/authorization/impersonation/user-impersonation.md b/...tity-server/7.0.0/docs/guides/authorization/impersonation/user-impersonation.md
diff --git a/en/identity-server/7.0.0/docs/guides/authorization/index.md b/en/identity-server/7.0.0/docs/guides/authorization/index.md
@@ -1,16 +1 @@
-# Authorization
-
-The authorization guide offers detailed instructions for implementing a range of authorization scenarios within your application using {{ product_name }}, ensuring secure access and enhanced protection.
-
-## API authorization
-
-- [Role-based access control (RBAC)]({{base_path}}/guides/authorization/api-authorization/api-authorization/)
-- [Attribute-based access control (ABAC)]({{base_path}}/guides/authorization/api-authorization/attribute-based-access-control/)
-
-## Fine-grained authorization
-
-- [Fine-grained authorization]({{base_path}}/guides/authorization/fine-grained-authorization/rule-based-provisioning/)
-
-## Impersonation
-
-- [Impersonation]({{base_path}}/guides/authorization/impersonation/user-impersonation/)
+{% include "../../../../../includes/guides/authorization/index.md" %}
diff --git a/en/identity-server/7.0.0/docs/guides/authorization/user-impersonation.md b/en/identity-server/7.0.0/docs/guides/authorization/user-impersonation.md
@@ -0,0 +1,4 @@
+{% set base_url = "localhost:9443" %}
+{% set base_url_sample = "localhost:9443" %}
+
+{% include "../../../../../includes/guides/authorization/user-impersonation.md" %}
diff --git a/en/identity-server/7.0.0/mkdocs.yml b/en/identity-server/7.0.0/mkdocs.yml
@@ -332,6 +332,7 @@ plugins:
 
         # To address the broken links in the API Authorization guides due to the directory structure mismatch is Asgardeo and IS
         'guides/api-authorization.md': 'guides/authorization/api-authorization/api-authorization.md'
+        'guides/authorization/impersonation/user-impersonation.md': 'guides/authorization/user-impersonation.md'
 
 # Navigation
 nav:
@@ -480,8 +481,7 @@ nav:
           - Attribute-based access control: guides/authorization/api-authorization/attribute-based-access-control.md
         - Fine-grained authorization:
             - XACML in provisioning flows: guides/authorization/fine-grained-authorization/rule-based-provisioning.md
-        - Impersonation:
-            - User Impersonation: guides/authorization/impersonation/user-impersonation.md
+        - User Impersonation: guides/authorization/user-impersonation.md
       - Branding:
         - Branding: guides/branding/index.md
         - Configure UI branding: guides/branding/configure-ui-branding.md

diff --git a/...t/docs/assets/img/guides/authorization/access-token/access-token-attributes.png b/...t/docs/assets/img/guides/authorization/access-token/access-token-attributes.png
diff --git a/...ntity-server/next/docs/guides/authorization/impersonation/user-impersonation.md b/...ntity-server/next/docs/guides/authorization/impersonation/user-impersonation.md
diff --git a/en/identity-server/next/docs/guides/authorization/index.md b/en/identity-server/next/docs/guides/authorization/index.md
@@ -1,16 +1 @@
-# Authorization
-
-The authorization guide offers detailed instructions for implementing a range of authorization scenarios within your application using {{ product_name }}, ensuring secure access and enhanced protection.
-
-## API authorization
-
-- [Role-based access control (RBAC)]({{base_path}}/guides/authorization/api-authorization/api-authorization/)
-- [Attribute-based access control (ABAC)]({{base_path}}/guides/authorization/api-authorization/attribute-based-access-control/)
-
-## Fine-grained authorization
-
-- [Fine-grained authorization]({{base_path}}/guides/authorization/fine-grained-authorization/rule-based-provisioning/)
-
-## Impersonation
-
-- [Impersonation]({{base_path}}/guides/authorization/impersonation/user-impersonation/)
+{% include "../../../../../includes/guides/authorization/index.md" %}
diff --git a/en/identity-server/next/docs/guides/authorization/user-impersonation.md b/en/identity-server/next/docs/guides/authorization/user-impersonation.md
@@ -0,0 +1,4 @@
+{% set base_url = "localhost:9443" %}
+{% set base_url_sample = "localhost:9443" %}
+
+{% include "../../../../../includes/guides/authorization/user-impersonation.md" %}
diff --git a/en/identity-server/next/mkdocs.yml b/en/identity-server/next/mkdocs.yml
@@ -329,6 +329,7 @@ plugins:
 
         # To address the broken links in the API Authorization guides due to the directory structure mismatch is Asgardeo and IS
         'guides/api-authorization.md': 'guides/authorization/api-authorization/api-authorization.md'
+        'guides/authorization/impersonation/user-impersonation.md': 'guides/authorization/user-impersonation.md'
 
 # Navigation
 nav:
@@ -478,8 +479,7 @@ nav:
           - Attribute-based access control: guides/authorization/api-authorization/attribute-based-access-control.md
         - Fine-grained authorization:
             - XACML in provisioning flows: guides/authorization/fine-grained-authorization/rule-based-provisioning.md
-        - Impersonation:
-            - User Impersonation: guides/authorization/impersonation/user-impersonation.md
+        - User Impersonation: guides/authorization/user-impersonation.md
       - Identity Verification:
         - Identity Verification: guides/identity-verification/index.md
         - Configure an Identity Verification Provider: guides/identity-verification/configure-identity-verification-provider.md

diff --git a/en/includes/guides/fragments/manage-app/oidc-settings/access-token.md b/en/includes/guides/fragments/manage-app/oidc-settings/access-token.md
@@ -2,7 +2,7 @@
 #### Token type  
 {{product_name}} supports the following token types.
 
-- *Opaque*: Opaque tokens are plain text tokens. If a resource server wants to know information related to an opaque token, it has to call the introspection endpoint and receive information related to tokens. An example for a opaque token response is shown below.
+- **Opaque**: Opaque tokens are plain text tokens. If a resource server wants to know information related to an opaque token, it has to call the introspection endpoint and receive information related to tokens. An example for a opaque token response is shown below.
 
     ```json
     {
@@ -14,7 +14,7 @@
     }
     ```
 
-- *JWT token*: JWT tokens are self-contained verifiable access tokens. If a resource server wants to know the information related to that token, it can decode the token and get the required information without any additional network calls. An example for a JWT token response is shown below.
+- **JWT**: JWT tokens are self-contained verifiable access tokens. If a resource server wants to know the information related to that token, it can decode the token and get the required information without any additional network calls. An example for a JWT token response is shown below.
 
     ```json
     {
@@ -27,6 +27,15 @@
     ```
     <br>
 
+{% if product_name == "WSO2 Identity Server" and is_version != "7.0.0" %}
+#### Access Token Attributes
+
+For **JWT** access tokens, this feature enables you to specify which user attributes are included in the access token. As a result, when a user logs in to an application, only the chosen attributes are shared, providing enhanced security and flexibility.
+
+![Access-Token-Attributes]({{base_path}}/assets/img/guides/authorization/access-token/access-token-attributes.png){: width="600" style="display: block; margin: 0; border: 0.3px solid lightgrey;"}
+
+{% endif %}
+
 #### Token binding type
 
 Token binding securely links authentication tokens to client devices to prevent unauthorized token theft and replay attacks. It is a vital mechanism, especially when dealing with unsecured networks, as it provides an additional layer of security against unauthorized access.