polavishnu4444
commented
4 years ago - Currently the istio authentication config allows all the tokens generated by any AAD app under a tenant.
- Restricting the authentication to a specific app users as equivalent to what was being authenticated in the service earlier with clientID and appIdUri configs.
- Adding the audiences check, "aud" field in the JWT token allows the specific AAD app users only to be allowed with authentication.