<html><body><div style="color:#000; background-color:#fff; font-family:times new roman, new york, times, serif;font-size:13px"><div id="yui_3_16_0_1_1428835643029_2229" dir="ltr"> We have a use case similar to the one listed in the below url - basically once a user is authenticated, a client application after receiving the tokens from the Provider, shares the tokens with a few other applications that are in a group. The other client applications should be able to verify the tokens without requiring any more user interaction. In the OIDC world, unfortunately, the aud parameter has the clientid of the first app only and it will fail validation by the other apps. So, is there any way this can be handled in KC?</div><div id="yui_3_16_0_1_1428835643029_2228"><br></div><div id="yui_3_16_0_1_1428835643029_2227"><a id="yui_3_16_0_1_1428835643029_2226" href="https://developers.google.com/identity/protocols/CrossClientAuth">https://developers.google.com/identity/protocols/CrossClientAuth</a></div><div id="yui_3_16_0_1_1428835643029_2225"><br></div></div></body></html>