Adding custom claims on JWT
Sometimes we need to handle some specific scenarios that deviate from generic applications. As an example, the Resource Server might need more data about the Resource Owner and to avoid round-trips between the Resource Server and the Authorization Server, a self contained access token can carry more information within the payload. This recipe will help you to handle exactly this kind of situation.
Note
This recipe is based on the solution provided by Eugen Parachiv at http://www.baeldung.com/spring-security-oauth-jwt.
Getting ready
This recipe will be created as a Spring Boot application with Java 8, H2 database, Maven, Spring Web, and Spring Security. To ease the project creation step, use Spring Initializr at http://start.spring.io/ and reference Web
, JPA
, H2
, and Security
as dependencies (that will declare properly all the Spring Boot starters needed for this recipe). As explained earlier in the previous chapters you also need to define the Artifact
and Group
name...