[keycloak-user] Motivation behind the removal of client_id from "aud" in the JWT
Cristian Schuszter
cristian.schuszter at cern.ch
Mon Nov 26 11:49:46 EST 2018
Hi!
We just updated from release 4.5.0 to 4.6.0 and discovered that the
"aud" field has been changed to "aud": "account", rather than the
client-id of the application.
After a bit of digging, we found the commit and associated pull request
for the change:
https://github.com/keycloak/keycloak/commit/f67d6f96607e51b1839501203342faf9f6987503#diff-d45230ec2a55480bbaf022aee366e898R85
Unfortunately, the *KEYCLOAK-8482* issue seems to be hidden, as I couldn't
find it on the Jira board.
We were counting on the "client_id" being present in the audiences, as
the Microsoft .NET Core validators target specifically the audiences in
the JWT token, with no option of targeting the "azp" field.
Could anybody shed some light as to why the *client_id* was removed from
the audiences?
Best regards,
Cristian Schuszter
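
Added example, not part of the original message and not Keycloak or .NET code: a minimal Python sketch of the audience check described above, showing why a validator that only looks at "aud" rejects a token whose audience is "account", and what an explicit "azp" check would look like. The client id `my-app`, the sample claims and the assumption that the client id is carried in "azp" are constructed for illustration.

```python
import base64
import json

CLIENT_ID = "my-app"  # hypothetical client id, not taken from the message


def _constructed_token(claims):
    """Build a compact token with a placeholder signature (constructed sample)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.placeholder-sig"


def payload_claims(token):
    """Decode the payload segment only; the signature must be verified first
    by a real JWT library, which this sketch does not do."""
    segment = token.split(".")[1]
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def audiences(claims):
    """RFC 7519 allows "aud" to be a single string or an array of strings."""
    aud = claims.get("aud", [])
    return [aud] if isinstance(aud, str) else list(aud)


def audience_decision(claims, expected, accept_azp=False):
    """Return why a token is accepted or rejected for the audience `expected`."""
    if expected in audiences(claims):
        return "accepted: aud"
    # "azp" names the client the token was issued to, not its intended
    # recipient, so matching on it has to be an explicit opt-in.
    if accept_azp and claims.get("azp") == expected:
        return "accepted: azp"
    return f"rejected: aud={claims.get('aud')!r} azp={claims.get('azp')!r}"


# Constructed claims mirroring the two shapes described in the message.
BEFORE = _constructed_token({"aud": CLIENT_ID, "azp": CLIENT_ID})
AFTER = _constructed_token({"aud": "account", "azp": CLIENT_ID})

if __name__ == "__main__":
    for label, tok in (("aud = client id", BEFORE), ("aud = account", AFTER)):
        claims = payload_claims(tok)
        print(label, "|", audience_decision(claims, CLIENT_ID),
              "|", audience_decision(claims, CLIENT_ID, accept_azp=True))
```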