I did not find any concrete information on this. I would raise a support ticket with BMC and get official answer for this query.
I tried to ping a resource internally to see if we can have some guidance, but in the meantime if you have the possibility to raise a defect I would advise to do so if the documentation is not clear.
I would also advise to let a comment in the RSSO doc page itself, IDD engineers are pretty reactive
5 of 5 people found this helpful
Hello Yuliya Melikhova,
let me rephrase the question to make sure I understood it correctly:
"What is the format of access/refresh tokens are used in RSSO for OAuth2?"
These are not JWTs, but simply MD5 hash of the internally generated UUID. However, this is internal implementation and the subject to change. Access/refresh tokens do not handle any useful payload, just random strings.
However, RSSO Server can act also as openid connect server and in such case it issues id_token, accordingly to the standard: Final: OpenID Connect Core 1.0 incorporating errata set 1
And this id_token is JWT token.
This is a great answer. Roman! Thank you!