This section outlines the properties used to validate a JWT Self-contained Access Token's payload fields.
Validating the Resource Owner's ID claim
A JWT has a recommended field name (sub) to hold the authenticated user's ID, but the issuing Authorization Server may be configured to use a different one. Refer to the JWT issuer's documentation to find out which field name contains the authenticated user's ID:
jwtToken.usernameField=sub
Configuring the Resource Server's ID
Each OAuth2 Resource Server has a well-known ID that it registers with the Authorization Server and that is used to filter out the JWT tokens issued for other Resource Servers. The Authorization Server will insert a payload audience (aud) claim, which will be verified by the PAS for OpenEdge JWT validation process.
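The two payload checks described above, sketched in Python as an added example (this is not PAS for OpenEdge's own code). The function names are hypothetical, the sample tokens are constructed, and the token's signature is assumed to have been verified before these checks run.

```python
import base64
import json


def decode_payload(token: str) -> dict:
    """Decode the payload (second) segment of a compact JWT.

    This does NOT verify the signature; it only exposes the claims.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated segments")
    segment = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    payload = json.loads(base64.urlsafe_b64decode(segment))
    if not isinstance(payload, dict):
        raise ValueError("payload is not a JSON object")
    return payload


def check_claims(payload: dict, username_field: str = "sub",
                 resource_server_id: str = "oeablapp") -> str:
    """Return the user ID if the token was issued for this Resource Server.

    username_field plays the role of jwtToken.usernameField;
    resource_server_id is the ID registered with the Authorization Server.
    """
    user_id = payload.get(username_field)
    if not isinstance(user_id, str) or not user_id:
        raise ValueError(f"missing user ID claim '{username_field}'")
    aud = payload.get("aud")
    # RFC 7519 allows aud to be a single string or an array of strings.
    audiences = [aud] if isinstance(aud, str) else aud
    if not isinstance(audiences, list) or resource_server_id not in audiences:
        raise ValueError("token was not issued for this Resource Server")
    return user_id


def make_token(claims: dict) -> str:
    """Build a constructed sample token with a placeholder signature."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.placeholder-signature"


if __name__ == "__main__":
    token = make_token({"sub": "alice", "aud": ["otherapp", "oeablapp"]})
    print(check_claims(decode_payload(token)))
```

A token whose aud names only another Resource Server is rejected even though its user ID claim is present, which is the filtering behaviour the audience check exists for.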
To configure the OAuth2 Resource Server ID, replace the default oeablapp value with the one registered with the Authorization Server: