The following properties are used to validate a JWT self-contained access token's payload fields.

Validating the resource owner's ID claim

A JWT has a recommended field name (sub) to hold the authenticated user's ID. Refer to the JWT issuer's documentation for the field name that contains the authenticated user's ID:

jwtToken.usernameField=sub

Configuring the resource server's ID

Each OAuth2 resource server has a well-known ID that it registers with the authorization server and is used to filter out the JWT tokens issued for other resource servers. The authorization server inserts a payload audience (aud) claim, which is verified by the PAS for OpenEdge JWT validation process.

To configure the OAuth2 resource server ID, change the default oeablapp value for the one registered with the authorization server:

oauth2.resSvc.audience=oeableapp