OpenID Connect id_token JWT Payload: Include User Password

SecureAuth IdP Version affected: 9.0+

Description: 

Sending a user's password in a bearer token is not recommended. However, in certain scenarios the OIDC client requires the user's password for legacy delegation purposes.

Resolution: 

1. Configure the realm to send the user password in the send token.

2. Create a custom OIDC claim under Post Authentication. (Leave the property unmapped.)

3. Modify the web.config to send the password in the custom claim. 31 is the value for password. This will not be displayed in the UI.
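
To verify what a client actually receives after this change, the following Python check (an added example, not code from SecureAuth or this article) decodes a compact id_token and lists any password-like claims that are readable without a key. It shows why the description advises against this setup: a signed (JWS) id_token payload is only base64url-encoded. The claim name `legacy_pwd`, the issuer, the client ID and the sample token are constructed assumptions.

```python
import base64
import json

# Substrings that mark a claim as secret-bearing. "legacy_pwd" below is a
# hypothetical custom claim name, not one defined by SecureAuth IdP.
SENSITIVE_HINTS = ("pwd", "pass", "secret")


def b64url_decode(segment: str) -> bytes:
    """Decode an unpadded base64url segment (RFC 7515)."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def audit_id_token(token: str) -> dict:
    """Report which claims of a compact token are readable without any key."""
    parts = token.split(".")
    if len(parts) == 5:
        # JWE compact form: the payload is encrypted, nothing is readable here.
        return {"format": "JWE", "readable": False, "sensitive_claims": []}
    if len(parts) != 3:
        raise ValueError("not a compact JWS or JWE")
    claims = json.loads(b64url_decode(parts[1]))
    flagged = sorted(
        name for name in claims
        if any(hint in name.lower() for hint in SENSITIVE_HINTS)
    )
    return {"format": "JWS", "readable": True, "sensitive_claims": flagged}


def make_sample_token() -> str:
    """Constructed id_token; the signature segment is a dummy value."""
    header = {"alg": "RS256", "typ": "JWT"}
    payload = {
        "iss": "https://idp.example.test",
        "sub": "jdoe",
        "aud": "legacy-client",
        "legacy_pwd": "Constructed-Sample-1!",
    }
    enc = lambda obj: b64url_encode(json.dumps(obj).encode("utf-8"))
    return ".".join([enc(header), enc(payload), b64url_encode(b"dummy-signature")])


if __name__ == "__main__":
    print(audit_id_token(make_sample_token()))
```

Run the audit against tokens issued to every client of the realm, not only the legacy one, to confirm the password claim is not present where it is not needed.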

 
