Skip Navigation
Constructing the JWT for OAuth2 user authentication in Knowledge Advanced
Answer ID 11710   |   Last Review Date 09/25/2020

What fields are required in the JSON Web Token used for OAuth2 authentication for the Knowledge Advanced REST API?


Knowledge Advanced REST API, Oracle B2C Service versions 19B+


The registered claims in RFC 7519 will be interpreted.

  • sub - the user's login.
  • aud - should include both "/km/api/latest/" and "/srt/api/latest/" to access both the Content REST and Search REST APIs.
  • iss - the issuer must match the one that has been configured in Authoring.
  • iat, nbf, exp - seconds since the epoch; respectively: at time of issue, not to be accepted before, and not to be accepted after.
  • jti - nonce.

The following private claims are used. The first is mandatory:

  • tok_type - this must be "AT".
  • user_type - either "ACCOUNT" or "CONTACT". If not supplied it will default to account.

Of course, the token must be signed with the certificate matching the public certificate configured in Authoring.

Example token before URL-safe base64 encoding and encryption:

{"sub":"TechnicalSupport", "user_type":"CONTACT", "tok_type":"AT", "aud":["\/km\/api\/latest\/", "\/srt\/api\/latest\/"], "iss": "https:\/\/", "iat": 1601062731, "nbf": 1601062731, "exp": 1601066331, "jti": "ab0534ea-24e3-44ca-a5d5-25443956b973"}

Then it is simply supplied as a bearer token in the authentication header of the request and you do not use the API's userToken.

For more information, see "Authenticate and Authorize" in the documentation for the Knowledge Advanced REST API. The documentation library specific to your version of Oracle B2C Service can be found at Answer 8156: Documentation for Knowledge Advanced.