On Wed, Aug 23, 2017 at 1:58 PM, Gayan Gunawardana <[email protected]> wrote:

>
>
> On Wed, Aug 23, 2017 at 1:46 PM, Asela Pathberiya <[email protected]> wrote:
>
>>
>>
>> On Tue, Aug 22, 2017 at 11:32 AM, Gayan Gunawardana <[email protected]>
>> wrote:
>>
>>> According to the OpenID Connect specification [1], the "aud" value is
>>> the client id with identifiers for other audiences.
>>>
>>>  {
>>>    "iss": "https://server.example.com",
>>>    "sub": "24400320",
>>>    "aud": "s6BhdRkqt3",
>>>    "nonce": "n-0S6_WzA2Mj",
>>>    "exp": 1311281970,
>>>    "iat": 1311280970,
>>>    "auth_time": 1311280969,
>>>    "acr": "urn:mace:incommon:iap:silver"
>>>   }
>>>
>>> But in token introspection the "aud" value is more like a service
>>> provider URL with identifiers for other audiences.
>>>
>>
>> Where is it mentioned that it must be the SP URL?  I guess it must be
>> some kind of identification such as client id.  Isn't it?
>>
> Yes, no, it is not a URL but a kind of URI which represents the service
> provider. According to an offline chat I had with Ruwan, in the
> OAuth/OpenID Connect configuration there should be a way to configure
> audiences like in SAML.
>

I do not think it is mentioned as a URI.   +1, yes, we need to allow
configuring multiple values & keep the client id as the default.


>
>>
>>>
>>>  {
>>>       "active": true,
>>>       "client_id": "l238j323ds-23ij4",
>>>       "username": "jdoe",
>>>       "scope": "read write dolphin",
>>>       "sub": "Z5O3upPC88QrAjx00dis",
>>>       "aud": "https://protected.example.net/resource",
>>>       "iss": "https://server.example.com/",
>>>       "exp": 1419356238,
>>>       "iat": 1419350238,
>>>       "extension_field": "twenty-seven"
>>>      }
>>>
>>> Can we have different audience values for the token introspection
>>> response and the ID Token? If not, we can have both as audience values.
>>>
>>> [1] http://openid.net/specs/openid-connect-core-1_0.html#IDToken
>>> [2] https://tools.ietf.org/html/rfc7662#section-2.2
>>>
>>> Thanks,
>>> Gayan
>>>
>>> --
>>> Gayan Gunawardana
>>> Senior Software Engineer; WSO2 Inc.; http://wso2.com/
>>> Email: [email protected]
>>> Mobile: +94 (71) 8020933
>>>
>>
>>
>>
>> --
>> Thanks & Regards,
>> Asela
>>
>> ATL
>> Mobile : +94 777 625 933
>>              +358 449 228 979
>>
>> http://soasecurity.org/
>> http://xacmlinfo.org/
>>
>
>
>
> --
> Gayan Gunawardana
> Senior Software Engineer; WSO2 Inc.; http://wso2.com/
> Email: [email protected]
> Mobile: +94 (71) 8020933
>



-- 
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
             +358 449 228 979

http://soasecurity.org/
http://xacmlinfo.org/
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
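
Added example (not part of the original thread and not WSO2 Identity Server code): a sketch of the behaviour discussed above, where "aud" defaults to the client id, extra audiences are configurable, and each consumer checks for its own identifier. The function names are hypothetical, the sample identifiers are the ones from the thread's JSON, and treating a missing "azp" with multiple audiences as a failure is a strict reading of the OpenID Connect Core "SHOULD".

```python
# Added illustration; function names are hypothetical, not a real library API.

def build_aud(client_id, extra_audiences=()):
    """Issuer side: client id is always first; configured values are appended."""
    aud = [client_id] + [a for a in extra_audiences if a != client_id]
    return aud[0] if len(aud) == 1 else aud  # a single value may be a plain string


def _as_list(aud):
    """'aud' may be one string or an array of strings; anything else is rejected."""
    if isinstance(aud, str):
        return [aud]
    if isinstance(aud, list) and aud and all(isinstance(a, str) for a in aud):
        return aud
    raise ValueError("malformed aud claim")


def id_token_aud_ok(claims, client_id):
    """Relying party check on an ID Token: our client id must be an audience."""
    try:
        aud = _as_list(claims.get("aud"))
    except ValueError:
        return False
    if client_id not in aud:
        return False
    azp = claims.get("azp")
    if len(aud) > 1 and azp is None:  # multiple audiences: require azp (strict)
        return False
    return azp is None or azp == client_id


def introspection_aud_ok(response, resource_id):
    """Resource server check on an RFC 7662 introspection response."""
    if response.get("active") is not True:
        return False
    try:
        return resource_id in _as_list(response.get("aud"))
    except ValueError:
        return False
```

With both values in one "aud" array, the same token passes the relying party check and the resource server check, while a token carrying only the client id is rejected by the resource server.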
