diff --git a/en/identity-server/7.0.0/docs/guides/authorization/impersonation/user-impersonation.md b/en/identity-server/7.0.0/docs/guides/authorization/impersonation/user-impersonation.md deleted file mode 100644 index 8a6e3e98eb..0000000000 --- a/en/identity-server/7.0.0/docs/guides/authorization/impersonation/user-impersonation.md +++ /dev/null @@ -1,4 +0,0 @@ -{% set base_url = "localhost:9443" %} -{% set base_url_sample = "localhost:9443" %} - -{% include "../../../../../../includes/guides/authorization/user-impersonation.md" %} \ No newline at end of file diff --git a/en/identity-server/7.0.0/docs/guides/authorization/index.md b/en/identity-server/7.0.0/docs/guides/authorization/index.md index bdc01e381e..9753b1c40a 100644 --- a/en/identity-server/7.0.0/docs/guides/authorization/index.md +++ b/en/identity-server/7.0.0/docs/guides/authorization/index.md @@ -1,16 +1 @@ -# Authorization - -The authorization guide offers detailed instructions for implementing a range of authorization scenarios within your application using {{ product_name }}, ensuring secure access and enhanced protection. - -## API authorization - -- [Role-based access control (RBAC)]({{base_path}}/guides/authorization/api-authorization/api-authorization/) -- [Attribute-based access control (ABAC)]({{base_path}}/guides/authorization/api-authorization/attribute-based-access-control/) - -## Fine-grained authorization - -- [Fine-grained authorization]({{base_path}}/guides/authorization/fine-grained-authorization/rule-based-provisioning/) - -## Impersonation - -- [Impersonation]({{base_path}}/guides/authorization/impersonation/user-impersonation/) \ No newline at end of file +{% include "../../../../../includes/guides/authorization/index.md" %} \ No newline at end of file diff --git a/en/identity-server/7.0.0/docs/guides/authorization/user-impersonation.md b/en/identity-server/7.0.0/docs/guides/authorization/user-impersonation.md new file mode 100644 index 0000000000..397e07d676 --- /dev/null 
+++ b/en/identity-server/7.0.0/docs/guides/authorization/user-impersonation.md @@ -0,0 +1,4 @@ +{% set base_url = "localhost:9443" %} +{% set base_url_sample = "localhost:9443" %} + +{% include "../../../../../includes/guides/authorization/user-impersonation.md" %} \ No newline at end of file diff --git a/en/identity-server/7.0.0/mkdocs.yml b/en/identity-server/7.0.0/mkdocs.yml index 9a1a759b92..54606696b7 100644 --- a/en/identity-server/7.0.0/mkdocs.yml +++ b/en/identity-server/7.0.0/mkdocs.yml @@ -332,6 +332,7 @@ plugins: # To address the broken links in the API Authorization guides due to the directory structure mismatch is Asgardeo and IS 'guides/api-authorization.md': 'guides/authorization/api-authorization/api-authorization.md' + 'guides/authorization/impersonation/user-impersonation.md': 'guides/authorization/user-impersonation.md' # Navigation nav: @@ -480,8 +481,7 @@ nav: - Attribute-based access control: guides/authorization/api-authorization/attribute-based-access-control.md - Fine-grained authorization: - XACML in provisioning flows: guides/authorization/fine-grained-authorization/rule-based-provisioning.md - - Impersonation: - - User Impersonation: guides/authorization/impersonation/user-impersonation.md + - User Impersonation: guides/authorization/user-impersonation.md - Branding: - Branding: guides/branding/index.md - Configure UI branding: guides/branding/configure-ui-branding.md diff --git a/en/identity-server/next/docs/assets/img/guides/authorization/access-token/access-token-attributes.png b/en/identity-server/next/docs/assets/img/guides/authorization/access-token/access-token-attributes.png new file mode 100644 index 0000000000..b5932d8df3 Binary files /dev/null and b/en/identity-server/next/docs/assets/img/guides/authorization/access-token/access-token-attributes.png differ 
diff --git a/en/identity-server/next/docs/guides/authorization/impersonation/user-impersonation.md b/en/identity-server/next/docs/guides/authorization/impersonation/user-impersonation.md deleted file mode 100644 index 8a6e3e98eb..0000000000 --- a/en/identity-server/next/docs/guides/authorization/impersonation/user-impersonation.md +++ /dev/null @@ -1,4 +0,0 @@ -{% set base_url = "localhost:9443" %} -{% set base_url_sample = "localhost:9443" %} - -{% include "../../../../../../includes/guides/authorization/user-impersonation.md" %} \ No newline at end of file diff --git a/en/identity-server/next/docs/guides/authorization/index.md b/en/identity-server/next/docs/guides/authorization/index.md index bdc01e381e..9753b1c40a 100644 --- a/en/identity-server/next/docs/guides/authorization/index.md +++ b/en/identity-server/next/docs/guides/authorization/index.md @@ -1,16 +1 @@ -# Authorization - -The authorization guide offers detailed instructions for implementing a range of authorization scenarios within your application using {{ product_name }}, ensuring secure access and enhanced protection. - -## API authorization - -- [Role-based access control (RBAC)]({{base_path}}/guides/authorization/api-authorization/api-authorization/) -- [Attribute-based access control (ABAC)]({{base_path}}/guides/authorization/api-authorization/attribute-based-access-control/) - -## Fine-grained authorization - -- [Fine-grained authorization]({{base_path}}/guides/authorization/fine-grained-authorization/rule-based-provisioning/) - -## Impersonation - -- [Impersonation]({{base_path}}/guides/authorization/impersonation/user-impersonation/) \ No newline at end of file +{% include "../../../../../includes/guides/authorization/index.md" %} \ No newline at end of file diff --git a/en/identity-server/next/docs/guides/authorization/user-impersonation.md b/en/identity-server/next/docs/guides/authorization/user-impersonation.md new file mode 100644 index 0000000000..397e07d676 --- /dev/null 
+++ b/en/identity-server/next/docs/guides/authorization/user-impersonation.md @@ -0,0 +1,4 @@ +{% set base_url = "localhost:9443" %} +{% set base_url_sample = "localhost:9443" %} + +{% include "../../../../../includes/guides/authorization/user-impersonation.md" %} \ No newline at end of file diff --git a/en/identity-server/next/mkdocs.yml b/en/identity-server/next/mkdocs.yml index a0a6174a02..f2f7c558bd 100644 --- a/en/identity-server/next/mkdocs.yml +++ b/en/identity-server/next/mkdocs.yml @@ -329,6 +329,7 @@ plugins: # To address the broken links in the API Authorization guides due to the directory structure mismatch is Asgardeo and IS 'guides/api-authorization.md': 'guides/authorization/api-authorization/api-authorization.md' + 'guides/authorization/impersonation/user-impersonation.md': 'guides/authorization/user-impersonation.md' # Navigation nav: @@ -478,8 +479,7 @@ nav: - Attribute-based access control: guides/authorization/api-authorization/attribute-based-access-control.md - Fine-grained authorization: - XACML in provisioning flows: guides/authorization/fine-grained-authorization/rule-based-provisioning.md - - Impersonation: - - User Impersonation: guides/authorization/impersonation/user-impersonation.md + - User Impersonation: guides/authorization/user-impersonation.md - Identity Verification: - Identity Verification: guides/identity-verification/index.md - Configure an Identity Verification Provider: guides/identity-verification/configure-identity-verification-provider.md diff --git a/en/includes/guides/fragments/manage-app/oidc-settings/access-token.md b/en/includes/guides/fragments/manage-app/oidc-settings/access-token.md index 4604f0fcae..0c91fbab6b 100644 --- a/en/includes/guides/fragments/manage-app/oidc-settings/access-token.md +++ b/en/includes/guides/fragments/manage-app/oidc-settings/access-token.md 
@@ -2,7 +2,7 @@ #### Token type {{product_name}} supports the following token types. -- *Opaque*: Opaque tokens are plain text tokens. If a resource server wants to know information related to an opaque token, it has to call the introspection endpoint and receive information related to tokens. An example for a opaque token response is shown below. +- **Opaque**: Opaque tokens are plain text tokens. If a resource server wants to know information related to an opaque token, it has to call the introspection endpoint and receive information related to tokens. An example for a opaque token response is shown below. ```json { @@ -14,7 +14,7 @@ } ``` -- *JWT token*: JWT tokens are self-contained verifiable access tokens. If a resource server wants to know the information related to that token, it can decode the token and get the required information without any additional network calls. An example for a JWT token response is shown below. +- **JWT**: JWT tokens are self-contained verifiable access tokens. If a resource server wants to know the information related to that token, it can decode the token and get the required information without any additional network calls. An example for a JWT token response is shown below. ```json { @@ -27,6 +27,15 @@ ```
+{% if product_name == "WSO2 Identity Server" and is_version != "7.0.0" %} +#### Access Token Attributes + +For **JWT** access tokens, this feature enables you to specify which user attributes are included in the access token. As a result, when a user logs in to an application, only the chosen attributes are shared, providing enhanced security and flexibility. + +![Access-Token-Attributes]({{base_path}}/assets/img/guides/authorization/access-token/access-token-attributes.png){: width="600" style="display: block; margin: 0; border: 0.3px solid lightgrey;"} + +{% endif %} + #### Token binding type Token binding securely links authentication tokens to client devices to prevent unauthorized token theft and replay attacks. It is a vital mechanism, especially when dealing with unsecured networks, as it provides an additional layer of security against unauthorized access.
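Review bot: The two `guides/authorization/index.md` hunks (7.0.0 and next) replace the page body with an include of `includes/guides/authorization/index.md`, but that file is not part of this diff. Please confirm it exists and that its impersonation link targets the new `guides/authorization/user-impersonation/` location, since the removed text linked to `guides/authorization/impersonation/user-impersonation/`. The added include line, like the new `user-impersonation.md` files, ends without a trailing newline; please add one.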
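Review bot: In both `mkdocs.yml` redirect hunks, the new `'guides/authorization/impersonation/user-impersonation.md': 'guides/authorization/user-impersonation.md'` entry sits under the comment about broken links in the API Authorization guides, which does not describe it. Give the entry its own comment saying it preserves the old impersonation URL after the move. While touching that block, "mismatch is Asgardeo and IS" in the existing comment should read "mismatch in Asgardeo and IS".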
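Review bot: In the token type hunks of `access-token.md`, the rewritten bullets keep the wording "An example for a opaque token response" and "JWT tokens ... An example for a JWT token response". Since both lines are already being edited, change them to "An example of an opaque token response" and "An example of a JWT access token response", and drop the redundant "tokens" after "JWT" so the text matches the new **JWT** label.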
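Review bot: The new "Access Token Attributes" block in `access-token.md` says the feature provides "enhanced security and flexibility", but does not state the trade-off. The JWT bullet a few lines above explains that a resource server can decode the token without any network call, so every attribute selected here is readable by any party that receives the token. Add a sentence recommending that only the attributes the resource server needs are selected. The heading should be sentence case ("Access token attributes") to match "Token type" and "Token binding type", and the image alt text "Access-Token-Attributes" should be a descriptive phrase rather than the file name.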