User information is automatically stored in a CLIENT-PRINCIPAL object. The access token fields are automatically added to the CLIENT-PRINCIPAL object. For configurations using authorization servers that support OpenID Connect (OIDC), you can configure PAS for OpenEdge to collect additional user information that is shared with a client through an identity token.

Add access token values to a CLIENT-PRINCIPAL object

By default, PAS for OpenEdge converts the access token to a CLIENT-PRINCIPAL object. The following table provides the mapping of self-contained JWT fields to OpenEdge CLIENT-PRINCIPAL attributes:

JWT field CLIENT-PRINCIPAL attribute
sub (by configuration) User-id
exp expires
scope Roles
misc (if configured) Properties

For more information about token conversion, see Configure JWT/OAuth2 self-contained access token conversion to an OpenEdge CLIENT-PRINCIPAL.