OAuth2 id_token with aud contains URL

This topic contains 4 replies, has 2 voices, and was last updated by  Andrew 1 month, 3 weeks ago.

  • Author
    Posts
  • #25796
     Andrew 
    Participant

    Hi There,

    I have a 3rd party that requires a bearer token where the aud is a URL (http://hostname/oauth2). The aud value in the id-token that AM 6.5.1 creates is the same value as the Client ID. The AM Admin Console won;t allow me to set the Client ID to a URL, encoded or not.

    Anyone know what I can do to have the aud created in the id_token be a URL?

    Thanks

    #25813
     jfcarbel 
    Participant

    I have similar use case, where the JWT is used as a client_assertion for urn:ietf:params:oauth:client-assertion-type:jwt-bearer type. The aud claim must be the URL api.onesourcetax.com

    #25840
     Andrew 
    Participant

    The 3rd party changed their requirement and I was able to drop the http://. As much as AM 6.5 UI stating “.” can;t be used, it can. So I was able to specify the FQDN.

    #25856
     jfcarbel 
    Participant

    Good to know Andrew. How did you specify the customization of the aud to a URL instead of the default ClientID? Did this require custom code or just config?

    Or was your approach to actually set a ClientID in registration as a URL value?

    #25857
     Andrew 
    Participant

    Exactly. I didn’t need to customise the aud value. I just made the clientID name the replying party’s URL. Am 6.5 admin UI wouldn’t accept http:// but it would take a name with dots in it – even though it said it wouldn’t.

Viewing 5 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic.

©2019 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?