[keycloak-user] Motivation behind the removal of client_id from "aud" in the JWT

Lamina, Marco marco.lamina at sap.com
Mon Nov 26 16:14:26 EST 2018


I've encountered a similar issue when switching from 4.5 to 4.6:
http://lists.jboss.org/pipermail/keycloak-user/2018-November/016445.html

I've been using the audience token mapper, which stopped working after the upgrade. Maybe these issues are related?
 

On 11/26/18, 9:01 AM, "keycloak-user-bounces at lists.jboss.org on behalf of Cristian Schuszter" <keycloak-user-bounces at lists.jboss.org on behalf of cristian.schuszter at cern.ch> wrote:

    Hi!
    
    We just updated from release 4.5.0 to 4.6.0 and discovered that the 
    "aud" field has been changed to "aud": "account", rather than the 
    client-id of the application.
    
    After a bit of digging, we found the commit and associated pull request 
    for the change: 
    https://github.com/keycloak/keycloak/commit/f67d6f96607e51b1839501203342faf9f6987503#diff-d45230ec2a55480bbaf022aee366e898R85
    
    Unfortunately, the *KEYCLOAK-8482* issue seems to be hidden, as I couldn't 
    find it on the Jira board.
    
    We were counting on the "client_id" being present in the audiences, as 
    the Microsoft .NET Core validators target specifically the audiences in 
    the JWT token, with no option of targeting the "azp" field.
    
    Could anybody shed some light as to why the *client_id* was removed from 
    the audiences?
    
    
    Best regards,
    
    Cristian Schuszter
    
    _______________________________________________
    keycloak-user mailing list
    keycloak-user at lists.jboss.org
    https://lists.jboss.org/mailman/listinfo/keycloak-user
    
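The audience check that the thread turns on, as an added Python example (this is not code from the post, from Keycloak or from Microsoft's validators): an audience-only validator accepts a token exactly when the resource server's own identifier is among the "aud" values, so the 4.5-style payload passes and the 4.6-style payload with "aud": "account" fails, even though "azp" still names the client. The client name, issuer and both sample payloads are constructed for illustration; the unsigned "alg": "none" encoder exists only so the claims can be decoded here and must never be accepted by a real verifier.

```python
import base64
import json
from typing import Optional

# Constructed sample payloads for illustration; they are not real Keycloak
# tokens and carry no signature. CLIENT_ID and ISSUER are hypothetical.
CLIENT_ID = "my-dotnet-api"
ISSUER = "https://sso.example.org/auth/realms/demo"

# Shape the post relied on before the upgrade: the client-id is in "aud".
PAYLOAD_BEFORE = {"iss": ISSUER, "sub": "user-1", "azp": CLIENT_ID, "aud": CLIENT_ID}

# Shape the post reports after the upgrade: "aud" is "account", and the
# client that requested the token appears only in "azp".
PAYLOAD_AFTER = {"iss": ISSUER, "sub": "user-1", "azp": CLIENT_ID, "aud": "account"}


def b64url_encode(raw: bytes) -> str:
    """base64url without padding, as JWS segments are encoded (RFC 7515)."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(segment: str) -> bytes:
    """Inverse of b64url_encode: restore the stripped '=' padding first."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def encode_unsigned_jwt(payload: dict) -> str:
    """Build an unsecured JWT (alg "none", empty signature) so the claims
    can be decoded below. Demo only: a real verifier must reject alg none."""
    header = {"alg": "none", "typ": "JWT"}
    return ".".join([
        b64url_encode(json.dumps(header, separators=(",", ":")).encode()),
        b64url_encode(json.dumps(payload, separators=(",", ":")).encode()),
        "",
    ])


def decode_payload(token: str) -> dict:
    """Return the claims of a compact JWT. This does NOT verify the
    signature; in production verify the JWS first, then inspect claims."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    return json.loads(b64url_decode(parts[1]))


def audiences(payload: dict) -> set:
    """RFC 7519 section 4.1.3: "aud" is a single string or an array of
    strings. Normalise both forms to a set; reject anything else."""
    aud = payload.get("aud")
    if aud is None:
        return set()
    if isinstance(aud, str):
        return {aud}
    if isinstance(aud, list) and all(isinstance(a, str) for a in aud):
        return set(aud)
    raise ValueError("malformed aud claim")


def audience_accepted(payload: dict, expected: str) -> bool:
    """The check an audience-only validator performs: the resource server's
    own identifier must be one of the token's audiences."""
    return expected in audiences(payload)


def authorized_party(payload: dict) -> Optional[str]:
    """"azp" (OpenID Connect Core section 2) names the client the token was
    issued to, i.e. the requester, not the intended recipient, so it is not
    a drop-in replacement for "aud"."""
    azp = payload.get("azp")
    return azp if isinstance(azp, str) else None


if __name__ == "__main__":
    for name, payload in (("before", PAYLOAD_BEFORE), ("after", PAYLOAD_AFTER)):
        claims = decode_payload(encode_unsigned_jwt(payload))
        print(name, "aud accepted:", audience_accepted(claims, CLIENT_ID),
              "azp:", authorized_party(claims))
```

Because `audiences()` also accepts the array form, a token whose "aud" is `["account", "my-dotnet-api"]` passes the same check; that is the shape one would expect if a mapper re-adds the client-id alongside the new "account" value, which is the workaround the thread gestures at.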