On Wed, Aug 23, 2017 at 1:46 PM, Asela Pathberiya <[email protected]> wrote:

>
>
> On Tue, Aug 22, 2017 at 11:32 AM, Gayan Gunawardana <[email protected]>
> wrote:
>
>> According to the OpenID Connect specification [1], the "aud" value is the
>> client id, with identifiers for other audiences.
>>
>>  {
>>    "iss": "https://server.example.com",
>>    "sub": "24400320",
>>    "aud": "s6BhdRkqt3",
>>    "nonce": "n-0S6_WzA2Mj",
>>    "exp": 1311281970,
>>    "iat": 1311280970,
>>    "auth_time": 1311280969,
>>    "acr": "urn:mace:incommon:iap:silver"
>>   }
>>
>> But in token introspection the "aud" value is more like a service provider
>> URL, with identifiers for other audiences.
>>
>
> Where is it mentioned that it must be the SP URL? I guess it must be some
> kind of identification such as client id. Isn't it?
>
Yes, no, it is not a URL but a kind of URI which represents the service
provider. According to an offline chat I had with Ruwan, in the OAuth/OpenID
Connect configuration there should be a way to configure audiences like in SAML.

>
>
>>
>>  {
>>       "active": true,
>>       "client_id": "l238j323ds-23ij4",
>>       "username": "jdoe",
>>       "scope": "read write dolphin",
>>       "sub": "Z5O3upPC88QrAjx00dis",
>>       "aud": "https://protected.example.net/resource",
>>       "iss": "https://server.example.com/",
>>       "exp": 1419356238,
>>       "iat": 1419350238,
>>       "extension_field": "twenty-seven"
>>      }
>>
>> Can we have different audience values for the token introspection response
>> and the ID Token? If not, we can have both as audience values.
>>
>> [1] http://openid.net/specs/openid-connect-core-1_0.html#IDToken
>> [2] https://tools.ietf.org/html/rfc7662#section-2.2
>>
>> Thanks,
>> Gayan
>>
>> --
>> Gayan Gunawardana
>> Senior Software Engineer; WSO2 Inc.; http://wso2.com/
>> Email: [email protected]
>> Mobile: +94 (71) 8020933
>>
>
>
>
> --
> Thanks & Regards,
> Asela
>
> ATL
> Mobile : +94 777 625 933
>              +358 449 228 979
>
> http://soasecurity.org/
> http://xacmlinfo.org/
>



-- 
Gayan Gunawardana
Senior Software Engineer; WSO2 Inc.; http://wso2.com/
Email: [email protected]
Mobile: +94 (71) 8020933
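
Added example, not part of the original thread and not WSO2 code: how a relying party and a resource server would each check "aud" for the two payloads quoted above, including the "both as audience values" case raised in the question. The function names are hypothetical, and rejecting an introspection response that has no "aud" is an assumed strict policy (RFC 7662 makes the field optional).

```python
# Payloads trimmed from the thread: ID Token claims and an RFC 7662 response.
ID_TOKEN = {"iss": "https://server.example.com", "sub": "24400320",
            "aud": "s6BhdRkqt3", "exp": 1311281970}
INTROSPECTION = {"active": True, "client_id": "l238j323ds-23ij4",
                 "aud": "https://protected.example.net/resource",
                 "iss": "https://server.example.com/", "exp": 1419356238}


def audiences(claims):
    """Normalise "aud" to a list; both specs allow a string or an array."""
    aud = claims.get("aud")
    if aud is None:
        return []
    if isinstance(aud, str):
        return [aud]
    if isinstance(aud, list) and all(isinstance(a, str) for a in aud):
        return list(aud)
    raise ValueError('"aud" must be a string or an array of strings')


def id_token_audience_ok(claims, client_id):
    """Relying-party check: this client's client_id must appear in aud."""
    auds = audiences(claims)
    if client_id not in auds:
        return False
    # With several audiences, OIDC Core has the client look for "azp" and
    # confirm it carries its own client_id.
    if len(auds) > 1 and claims.get("azp") != client_id:
        return False
    return True


def introspection_audience_ok(response, resource_id):
    """Resource-server check: token is active and names this resource."""
    if response.get("active") is not True:
        return False
    # Assumed policy: a response without "aud" is treated as not for us.
    return resource_id in audiences(response)


if __name__ == "__main__":
    rs = "https://protected.example.net/resource"
    print(id_token_audience_ok(ID_TOKEN, "s6BhdRkqt3"))
    print(introspection_audience_ok(INTROSPECTION, rs))
    # Constructed case: client id and resource URI both listed as audiences.
    both = dict(ID_TOKEN, aud=["s6BhdRkqt3", rs], azp="s6BhdRkqt3")
    print(id_token_audience_ok(both, "s6BhdRkqt3"))
```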