How to extend the Platform with plugins?

In this guide we are going to explain how you to extend the platform functionality by developing plugins.

This feature is only available in the Enteprise version.

Furthermore, it is currently in PREVIEW state, so when if a product wants to use it, please refer for activation.

Developing a custom Token Enhancer for the Identity Manager

Suppose you want to customize the way the JWT token is built at the Identity Manager.

New maven project

First of all, start by creating a new maven project on which you’ll develop the proposed functionality.

In order to guarantee 100% compatibility with the platform’s modules, version 1.5.9.RELEASE of Spring Boot and Java 1.8 should be used.

Developing the functionality

Let's start by creating a class that implements the interface TokenEnhancer on where we are going to add a simple property to the Oauth Access Token.

In order for the Authorization Server to use this Enhancer, you’ll need to create a @Configuration class which will extend AuthorizationServerConfigurerAdapter. In such class, you’ll override the method which configures the endpoints.

In this configure method, you’ll add the PluginTokenEnhancer itself to the existing Token Enhancer Chain:

In this way, your enhancer will be applied as the last link of the Enhancer Chain, before building the final JWT token.


Build the JAR

Lightweight JAR

You will use this method when NOT using external dependencies that Spring Boot does not bring

For the Identity Manager to use the plugin, you’ll need to package the project into a JAR file, either with mvn clean install or mvn clean package

Once the JAR is built, you shall upload it to a server accesible from the internet, or at least accesible from the server where the platform is deployed.

This server or repository could be for example a Nexus, where you’ll copy the link to the JAR file:

Or it could be the binary repository of the platform itself:

Please note that whatever the repository is, the file needs to be public, as the Identity Manager will try to download it without any kind of authentication.


You will use this method whenever you DO use external dependencies that does not come with Spring Boot

The process is slightly different. In this case you’ll want to add the maven assembly plugin to your pom.xml

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 <build> <plugins> <plugin> <artifactId>maven-assembly-plugin</artifactId> <configuration> <descriptorRefs> <descriptorRef>jar-with-dependencies</descriptorRef> </descriptorRefs> </configuration> <executions> <execution> <id>make-assembly</id> <phase>package</phase> <goals> <goal>single</goal> </goals> </execution> </executions> </plugin> </plugins> </build>

Then you’ll generate your plugin with mvn package

Keep in mind that this will generate a JAR with all dependencies, and therefore considerably increase the size of the plugin.

Define the URI of the plugin in the Identity Manager (Oauth Server)

As the last step, you’ll need to let the module know where the plugin is, this is done by setting the environment variable PLUGIN_URI to the URI(s) where the JAR is located. In case there is more than one plugin, URIs must be separated with the character ';'


Now at the startup, the identity manager will attempt to find and load the plugins:

JWT Token: test

Finally, you can test your plugin by making a request to the Identity Manger and check for the new parameter that your Enhancer is adding.