May 15, 2019 at 4:47 am #25796
I have a 3rd party that requires a bearer token where the aud is a URL (http://hostname/oauth2). The aud value in the id_token that AM 6.5.1 creates is the same value as the Client ID. The AM Admin Console won't allow me to set the Client ID to a URL, encoded or not.
Anyone know what I can do to have the aud created in the id_token be a URL?
Thanks

May 18, 2019 at 1:54 am #25813 jfcarbel Participant
I have a similar use case, where the JWT is used as a client_assertion for urn:ietf:params:oauth:client-assertion-type:jwt-bearer type. The aud claim must be the URL api.onesourcetax.com

May 23, 2019 at 12:57 am #25840
The 3rd party changed their requirement and I was able to drop the http://. As much as AM 6.5 UI stating “.” can't be used, it can. So I was able to specify the FQDN.

May 24, 2019 at 7:19 pm #25856 jfcarbel Participant
Good to know Andrew. How did you specify the customization of the aud to a URL instead of the default ClientID? Did this require custom code or just config?
Or was your approach to actually set a ClientID in registration as a URL value?

May 25, 2019 at 2:34 am #25857
Exactly. I didn’t need to customise the aud value. I just made the clientID name the replying party’s URL. AM 6.5 admin UI wouldn’t accept http:// but it would take a name with dots in it – even though it said it wouldn’t.
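
Added example, not part of the thread and not ForgeRock code: a sketch of the audience check a receiving party performs, showing why the aud value AM emits (the Client ID) has to match the receiver's expected string exactly. The hostnames, shared secret and the HS256 signing algorithm are assumptions constructed for the demo.

```python
import base64, hashlib, hmac, json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_token(claims: dict, secret: bytes) -> str:
    """Build a constructed HS256 token so the example runs offline."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(sig)}"

def audience_ok(token: str, secret: bytes, expected_aud: str) -> bool:
    """Verify the HS256 signature, then require an exact aud match."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        if header.get("alg") != "HS256":  # pin the algorithm, do not trust the header
            return False
        want = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(),
                        hashlib.sha256).digest()
        if not hmac.compare_digest(want, b64url_decode(sig_b64)):
            return False
        aud = json.loads(b64url_decode(payload_b64)).get("aud")
    except (ValueError, AttributeError):
        return False  # malformed token, bad base64 or bad JSON
    # RFC 7519: aud is a single string or an array of strings.
    audiences = [aud] if isinstance(aud, str) else aud if isinstance(aud, list) else []
    return expected_aud in audiences  # exact comparison, no URL normalisation

# Constructed sample values (assumptions, not taken from the thread).
SECRET = b"constructed-demo-secret"
CLIENT_ID = "rp.example.com"  # Client ID registered as the receiver's FQDN
TOKEN = make_token({"iss": "https://am.example.com/oauth2", "sub": "demo",
                    "aud": CLIENT_ID}, SECRET)

if __name__ == "__main__":
    print(audience_ok(TOKEN, SECRET, "rp.example.com"))                # FQDN form
    print(audience_ok(TOKEN, SECRET, "http://rp.example.com/oauth2"))  # URL form
```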