According to the OpenID Connect specification [1], the "aud" value is the client ID with identifiers for other audiences.

    {
      "iss": "https://server.example.com",
      "sub": "24400320",
      "aud": "s6BhdRkqt3",
      "nonce": "n-0S6_WzA2Mj",
      "exp": 1311281970,
      "iat": 1311280970,
      "auth_time": 1311280969,
      "acr": "urn:mace:incommon:iap:silver"
    }

But in token introspection, the "aud" value is more like a service provider URL with identifiers for other audiences.

    {
      "active": true,
      "client_id": "l238j323ds-23ij4",
      "username": "jdoe",
      "scope": "read write dolphin",
      "sub": "Z5O3upPC88QrAjx00dis",
      "aud": "https://protected.example.net/resource",
      "iss": "https://server.example.com/",
      "exp": 1419356238,
      "iat": 1419350238,
      "extension_field": "twenty-seven"
    }

Can we have different Audience values for the token introspection response and the ID Token? If not, we can have both as Audience values.

[1] http://openid.net/specs/openid-connect-core-1_0.html#IDToken
[2] https://tools.ietf.org/html/rfc7662#section-2.2

Thanks,
Gayan

--
Gayan Gunawardana
Senior Software Engineer; WSO2 Inc.; http://wso2.com/
Email: ga...@wso2.com
Mobile: +94 (71) 8020933
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
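
Added example (not part of the original email and not WSO2 code): how each recipient would check "aud" in the two documents quoted above, the relying party on the ID Token per OpenID Connect Core [1] and the resource server on the RFC 7662 introspection response [2]. The function names, the trusted_extra parameter and the two strict policies marked in the comments are assumptions of this example; the sample values are taken from the email, and the combined audience array is constructed.

```python
# Added example; function names and trusted_extra are assumptions, not a library API.

def _aud_list(claims):
    """Normalise "aud" (a string or an array of strings) to a list."""
    aud = claims.get("aud")
    if aud is None:
        return []
    return [aud] if isinstance(aud, str) else list(aud)

def id_token_audience_ok(claims, client_id, trusted_extra=()):
    """Relying-party check on an ID Token's audience (OpenID Connect Core)."""
    aud = _aud_list(claims)
    if client_id not in aud:
        return False  # token was not issued to this client
    if any(a != client_id and a not in trusted_extra for a in aud):
        return False  # additional audience this client does not trust
    azp = claims.get("azp")
    if len(aud) > 1 and azp is None:
        return False  # assumption: treat the spec's SHOULD on azp as mandatory
    return azp is None or azp == client_id

def introspection_audience_ok(response, resource_id):
    """Resource-server check on an RFC 7662 introspection response."""
    if response.get("active") is not True:
        return False  # inactive tokens are rejected before any audience check
    # "aud" is OPTIONAL in RFC 7662; assumption: reject when it is absent.
    return resource_id in _aud_list(response)

# Sample values copied from the email above.
CLIENT_ID = "s6BhdRkqt3"
RESOURCE = "https://protected.example.net/resource"
ID_TOKEN = {"iss": "https://server.example.com", "sub": "24400320", "aud": CLIENT_ID}
INTROSPECTION = {"active": True, "client_id": "l238j323ds-23ij4", "aud": RESOURCE}
# Constructed: one audience array carrying both values, as the email proposes.
BOTH = [CLIENT_ID, RESOURCE]
ID_TOKEN_BOTH = dict(ID_TOKEN, aud=BOTH, azp=CLIENT_ID)
INTROSPECTION_BOTH = dict(INTROSPECTION, aud=BOTH)

if __name__ == "__main__":
    print(id_token_audience_ok(ID_TOKEN, CLIENT_ID))
    print(introspection_audience_ok(INTROSPECTION, RESOURCE))
    print(id_token_audience_ok(ID_TOKEN_BOTH, CLIENT_ID))
    print(id_token_audience_ok(ID_TOKEN_BOTH, CLIENT_ID, trusted_extra=(RESOURCE,)))
```

With the combined array, the relying party accepts the ID Token only if it explicitly trusts the resource identifier as an additional audience.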