IdentityModel / oidc-client-js

OpenID Connect (OIDC) and OAuth2 protocol support for browser-based JavaScript applications
Apache License 2.0

id_token audience #1210

Closed mvmujeeb closed 3 years ago

mvmujeeb commented 4 years ago

Hi Team,

As per the library, I can see that for id_token validation it is using the audience as client_id and then matching. Is there any way to override this, because my idp end_point is providing audience in id_token different than the client_id?

Here I am pasting the library code snippet.

    return this._metadataService.getIssuer().then(function (issuer) {
        var audience = state.client_id;

Appreciate your help!

Thanks

brockallen commented 4 years ago

> because my idp end_point is providing audience in id_token different than the client_id

Unfortunately that's a violation of the OIDC spec, step 3: https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation
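
The audience rule from step 3 of the linked section, written out as an added example that is not part of this thread or of oidc-client-js. The names `decodeClaims`, `checkAudience` and `trustedAudiences`, the client id and the sample tokens are all constructed for illustration (Node.js):

```javascript
// Added example: audience check from OIDC Core 3.1.3.7, step 3.
// Signature, issuer, expiry and nonce checks are separate steps and not shown.

// Decode the payload (second segment) of a compact JWT without verifying it.
function decodeClaims(idToken) {
  const parts = idToken.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWS");
  return JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
}

// clientId: the client_id registered at the issuer.
// trustedAudiences: hypothetical allow-list of extra audiences the client accepts.
function checkAudience(claims, clientId, trustedAudiences = []) {
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (aud.length === 0 || aud.some((a) => typeof a !== "string")) {
    return { ok: false, reason: "aud missing or malformed" };
  }
  // aud must list this client, whether it is a string or an array.
  if (!aud.includes(clientId)) {
    return { ok: false, reason: "client_id not in aud" };
  }
  // Reject additional audiences the client does not trust.
  const untrusted = aud.filter((a) => a !== clientId && !trustedAudiences.includes(a));
  if (untrusted.length > 0) {
    return { ok: false, reason: "untrusted audience: " + untrusted.join(", ") };
  }
  return { ok: true, reason: "aud lists client_id" };
}

// Constructed sample tokens (placeholder signature, for illustration only).
function makeToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
  return enc({ alg: "RS256", typ: "JWT" }) + "." + enc(claims) + ".sig";
}

const CLIENT_ID = "spa-client"; // constructed value
const samples = {
  single: makeToken({ iss: "https://idp.example", aud: "spa-client" }),
  mismatch: makeToken({ iss: "https://idp.example", aud: "api://resource" }),
  multi: makeToken({ iss: "https://idp.example", aud: ["spa-client", "other-app"] }),
};

for (const [name, token] of Object.entries(samples)) {
  console.log(name, checkAudience(decodeClaims(token), CLIENT_ID));
}
```

The `mismatch` sample corresponds to the situation in the question: an `aud` that does not contain the client_id fails the check.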