User information is automatically stored in a CLIENT-PRINCIPAL object, and the access token fields are automatically added to that object. For configurations using authorization servers that support OpenID Connect (OIDC), you can configure PAS for OpenEdge to collect additional user information that is shared with a client through an identity token.

Add access token values to a CLIENT-PRINCIPAL object

By default, PAS for OpenEdge converts the access token to a CLIENT-PRINCIPAL object. The following table provides the mapping of self-contained JWT fields to OpenEdge CLIENT-PRINCIPAL attributes:

| JWT field | CLIENT-PRINCIPAL attribute |
|---|---|
| sub (by configuration) | User-id |
| exp | expires |
| scope | Roles |
| misc (if configured) | Properties |

For more information about token conversion, see Configure JWT/OAuth2 self-contained access token conversion to an OpenEdge CLIENT-PRINCIPAL.