I have questions.

  1. Does WSO2 support something similar to: https://docs.wso2.com/display/AM190/Exchanging+SAML2+Bearer+Tokens+with+OAuth2+-+SAML+Extension+Grant+Type using JWT instead of SAML?

    Is it possible to achieve it using Facebook/Google as the federated identity provider?

And another one:

  2. Can we use a JWT token instead of an OAuth2 Access Token in WSO2 API Manager to authorize incoming requests?

Thanks

1 Answer

Does WSO2 support something similar to: https://docs.wso2.com/display/AM190/Exchanging+SAML2+Bearer+Tokens+with+OAuth2+-+SAML+Extension+Grant+Type using JWT instead of SAML?

Yes, it does. We have the JWT Bearer Grant implementation for this. The idea behind the JWT Grant is that a signed JWT, valid according to [1] and issued by a trusted IDP, can be exchanged for an access_token. Follow [2] to try out the JWT Bearer Grant.

Facebook and Google do issue JWTs in the form of an id_token. But there's a problem with using those id_tokens as a JWT Bearer Grant at the moment. According to the spec [1], the JWT Bearer Grant must contain some value in the 'aud' claim to let the entity that validates the bearer grant know that it was intended for them. At present we cannot do this with any OpenID Connect provider, i.e. there is no standard way to request that an OIDC provider give us a token that we can use at 'X' identity provider.

Can we use a JWT token instead of an OAuth2 Access Token in WSO2 API Manager to authorize incoming requests?

AFAIK, this is not possible out of the box. One solution would be to use the JWT to get an access token using the JWT Bearer grant type, and then use the access_token with APIM.

[1] https://tools.ietf.org/html/draft-ietf-oauth-jwt-bearer-12#section-3

[2] https://docs.wso2.com/display/ISCONNECTORS/JWT+Grant+Type+for+OAuth2
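To make the 'aud' point in the answer concrete, here is an added example (not WSO2 code and not from the answer above) of the two sides of a JWT Bearer Grant: minting an assertion and validating it the way a token endpoint must per [1]. The IdP key, the token endpoint URL and the claim values are all constructed for the example, and an HMAC key stands in for the trusted IdP's asymmetric signing key so the block runs with the standard library alone.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed for this example: a shared HMAC key stands in for the trusted
# IdP's signing key (real IdPs sign with RSA/EC keys published via JWKS).
IDP_KEY = b"constructed-demo-key"
# Hypothetical identifier of the authorization server that accepts the grant.
TOKEN_ENDPOINT = "https://apim.example.test/oauth2/token"
JWT_BEARER_GRANT = "urn:ietf:params:oauth:grant-type:jwt-bearer"

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_jwt(claims: dict, key: bytes) -> str:
    """Mint a compact HS256 JWS carrying the given claims (IdP side)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"

def validate_bearer_assertion(jwt: str, key: bytes, expected_aud: str, now=None):
    """Token-endpoint checks from [1]: signature, required claims, expiry,
    and an 'aud' that names this authorization server. Returns (ok, reason)."""
    now = time.time() if now is None else now
    parts = jwt.split(".")
    if len(parts) != 3:
        return False, "malformed"
    header, payload, sig = parts
    expected_sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, _b64url_decode(sig)):
        return False, "bad signature"
    claims = json.loads(_b64url_decode(payload))
    for required in ("iss", "sub", "aud", "exp"):
        if required not in claims:
            return False, f"missing {required}"
    if claims["exp"] <= now:
        return False, "expired"
    # 'aud' may be a single string or a list; this server must be named in it.
    aud = claims["aud"] if isinstance(claims["aud"], list) else [claims["aud"]]
    if expected_aud not in aud:
        return False, "audience mismatch"
    return True, "ok"

def token_request(jwt: str) -> dict:
    """Form body the client POSTs to the token endpoint to exchange the JWT."""
    return {"grant_type": JWT_BEARER_GRANT, "assertion": jwt}
```

A Google- or Facebook-style id_token carries the OAuth client_id in 'aud', not the token endpoint's identifier, so `validate_bearer_assertion` rejects it with "audience mismatch" even when its signature is valid, which is exactly why the answer says those id_tokens cannot be used as a bearer grant today.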