Improve JWt access token attribute section (#5013)

wso2 · Feb 3, 2025 · af8dc97 · af8dc97
1 parent 6f7963d
commit af8dc97
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/en/includes/guides/fragments/manage-app/oidc-settings/access-token.md b/en/includes/guides/fragments/manage-app/oidc-settings/access-token.md
@@ -32,6 +32,9 @@
 
 For **JWT** access tokens, this feature enables you to specify which user attributes are included in the access token. As a result, when a user logs in to an application, only the chosen attributes are shared, providing enhanced security and flexibility.
 
+!!! note 
+    All configured user attributes are included in the access token, regardless of the requested scopes.
+
 ![Access-Token-Attributes]({{base_path}}/assets/img/guides/authorization/access-token/access-token-attributes.png){: width="600" style="display: block; margin: 0; border: 0.3px solid lightgrey;"}
 
 {% endif %}
@@ -104,4 +107,4 @@ Token binding securely links authentication tokens to client devices to prevent
 This option specifies the validity period of an access token issued to a user in seconds. The default expiry time is 3600 seconds.
 
 #### Application access token expiry time
-This option specifies the validity period of an access token issued to an application when using the `Client Credentials` grant type in seconds.
+This option specifies the validity period of an access token issued to an application when using the `Client Credentials` grant type in seconds.