Getting a JWT with custom claim


I need to authenticate users who are not in the WSO2 user store, so I created a CustomLocalAuthenticator that extends AbstractApplicationAuthenticator, where I implement logic to make calls to external services via the REST API to actually authenticate the users. From these services I retrieve four fields that I will later need as claims to include in the access token. So far, no problem.

In order to insert the claims into the JWT, I created a CustomClaimHandler, which extends DefaultClaimHandler, where I mapped the claims in the handleLocalClaims and handleExternalClaims methods. On the Identity Server (version 5.10.0) I configured the four claims as local claims and external claims and additionally added them as scope openid claims.

Going into debug, the claims in the CustomClaimHandler component are correctly set, but something causes me to lose the claims just before the access token is generated, because the access token that is generated following this claim:

https://localhost:9443/oauth2/authorize?scope=openid&response_type=token&redirect_uri=https://localhost/callback&client_id=9_rLhEkjM66KfJNc5xWaJjECvuEa

does not contain them. What could be the problem? Do you have any useful examples for this use case to share?
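
A way to check which expected claims actually reach the tokens returned by the authorize request above, given as an added example that is not part of the original post. The claim names and the sample token are constructed placeholders, since the post does not name its four claims.

```python
import base64
import json
from urllib.parse import urlsplit, parse_qs

# Hypothetical claim names; the post does not name its four custom claims.
EXPECTED_CLAIMS = ("custom_claim_1", "custom_claim_2", "custom_claim_3", "custom_claim_4")


def b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def jwt_payload(token):
    """Decoded JWT payload, or None if the token is opaque. Signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    try:
        payload = json.loads(b64url_decode(parts[1]))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return None
    return payload if isinstance(payload, dict) else None


def missing_claims(callback_url, expected=EXPECTED_CLAIMS):
    # With response_type=token the tokens come back in the URL fragment, not the query.
    # A value of None means the token is not a JWT, so it cannot carry claims itself.
    params = parse_qs(urlsplit(callback_url).fragment)
    report = {}
    for name in ("access_token", "id_token"):
        if name in params:
            payload = jwt_payload(params[name][0])
            report[name] = None if payload is None else [c for c in expected if c not in payload]
    return report


def make_unsigned_jwt(claims):
    # Constructed sample token with a dummy signature, for the demo only.
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    token = make_unsigned_jwt({"sub": "alice", "custom_claim_1": "a"})
    print(missing_claims(f"https://localhost/callback#access_token={token}&token_type=Bearer"))
```

Paste the full redirect URL from the browser address bar as `callback_url`; the decoded payload is for inspection only and must not be trusted without signature verification.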
