On Tue, Aug 22, 2017 at 11:32 AM, Gayan Gunawardana <[email protected]> wrote:

> According to the OpenID Connect specification [1], the "aud" value is the
> client id with identifiers for other audiences.
>
>  {
>    "iss": "https://server.example.com",
>    "sub": "24400320",
>    "aud": "s6BhdRkqt3",
>    "nonce": "n-0S6_WzA2Mj",
>    "exp": 1311281970,
>    "iat": 1311280970,
>    "auth_time": 1311280969,
>    "acr": "urn:mace:incommon:iap:silver"
>   }
>
> But in token introspection the "aud" value is more like a service provider
> URL with identifiers for other audiences.
>

Where is it mentioned that it must be the SP URL? I guess it must be some
kind of identification such as client id. Isn't it?


>
>  {
>       "active": true,
>       "client_id": "l238j323ds-23ij4",
>       "username": "jdoe",
>       "scope": "read write dolphin",
>       "sub": "Z5O3upPC88QrAjx00dis",
>       "aud": "https://protected.example.net/resource",
>       "iss": "https://server.example.com/",
>       "exp": 1419356238,
>       "iat": 1419350238,
>       "extension_field": "twenty-seven"
>      }
>
> Can we have different Audience values for the token introspection response
> and the ID Token? If not, we can have both as Audience values.
>
> [1] http://openid.net/specs/openid-connect-core-1_0.html#IDToken
> [2] https://tools.ietf.org/html/rfc7662#section-2.2
>
> Thanks,
> Gayan
>
> --
> Gayan Gunawardana
> Senior Software Engineer; WSO2 Inc.; http://wso2.com/
> Email: [email protected]
> Mobile: +94 (71) 8020933
>



-- 
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
             +358 449 228 979

http://soasecurity.org/
http://xacmlinfo.org/
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
