WSO2

WSO2 Changelog

Improvement
Asgardeo
  • 20 Aug, 2025

Configure allowed headers and parameters to be shared with Pre-Issue Access Token extension and Custom Authenticator (Service-based)

In extension points such as Pre-Issue Access Token and Custom Authenticator actions, it is common to rely on additional headers and parameters from the request flow. However, allowing unrestricted access to all headers and parameters poses security risks, as they may contain sensitive information, personally identifiable information (PII), or internal infrastructure details.

Extension developers can now explicitly select which headers and parameters are shared with the extension, in addition to the safeguards already applied at the server level. This ensures extensions get the data they require while maintaining strong security controls.

External Authenticator screenshot

Documentation: