PAS for OpenEdge release 11.7.3 supports configuration of JWT field name for scope as part of its support for authentication with OAuth2 and JWT.
When mapping Self-contained JWT fields to OpenEdge Client-Principal attributes, a JWT has a recommended field name scope to hold the scope of the authenticated user. However, you can configure this field name, as shown below, using the Authorization Server that issues it:
jwtToken.scopeNameField={ scope }
If the configured field name for scope is not available in the JWT, then the JWT uses PSCUser as the default scope. You can set this default scope using the jwtToken.defaultRoles property in the oeablSecurity.properties file.
Refer to JWT issuer’s documentation to find which field name contains the scope of the authenticated user and map its claim to the scope (Role).
