WSO2 Changelog

The Pre-Issue Access Token action has been upgraded to support more flexible validation use cases during the access token flow. Previously, this action could only modify token scopes and attributes before issuing the token. With this update, you can now validate token scopes, user claims, request context, expiry time, and more. If a validation fails, the action can return a client error directly to the application. We’ve introduced a new ‘FAILED’ state in the response format for external services implementing an action to return client errors. Use the ‘FAILED’ state to indicate validation failures in order to trigger an appropriate error response to the application. This improvement gives you more control over token issuance and strengthens validation workflows.

Documentation:

• https://wso2.com/asgardeo/docs/guides/customize/actions/pre-issue-access-token-action/#expected-response-from-external-service