Closed mrochon closed 7 years ago
You use the scope claim to specify the exact API this token is for.
Yes, but that still does not change my aud claim in the token and so the validation will fail unless every API app uses the same audience id.
Yes - in OAuth scopes are used. Aud is a JWT implementation detail.
That's the way it is in IdentityServer3.
OK. Thanks.
Do you guys have a code example of how to accomplish this?
As per https://github.com/IdentityServer/IdentityServer3.AccessTokenValidation/issues/8 audience seems to be always set to issuer+/resource. However, per JWT specs (as I understand them) my access token should have an aud claim that identifies the resource I am providing the token to. Is there a way to configure IS with a list of valid audiences (per client) and include the appropriate aud claim in the token?
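An added example (not code from this thread or from IdentityServer) of how a resource server can work with the fixed audience discussed above: every API accepts the same `aud` value and tells tokens apart by the `scope` claim. The issuer name, key, scope names `api1`/`api2` and the helper functions are constructed for illustration. HS256 with a shared key stands in for the real signature check so the block runs on the standard library alone, and token lifetime validation is assumed to happen elsewhere.

```python
import base64, hashlib, hmac, json

ISSUER = "https://idsrv.example"   # constructed issuer name
AUDIENCE = ISSUER + "/resource"    # fixed audience, issuer + /resource as described in the thread
KEY = b"demo-key"                  # constructed; stand-in for the token service's signing key

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(head: str, body: str) -> bytes:
    return hmac.new(KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()

def make_token(claims: dict) -> str:
    """Build a constructed sample token (plays the role of the token service)."""
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    return f"{head}.{body}.{b64url(sign(head, body))}"

def as_list(value) -> list:
    """A JWT claim such as aud or scope may be one string or an array of strings."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)

def authorize(token: str, required_scope: str) -> bool:
    """True only if signature, iss, the shared aud and this API's own scope all match."""
    try:
        head, body, sig = token.split(".")
        header = json.loads(b64url_decode(head))
        claims = json.loads(b64url_decode(body))
        sig_ok = hmac.compare_digest(sign(head, body), b64url_decode(sig))
    except ValueError:  # wrong segment count, bad base64, bad JSON
        return False
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return False
    if header.get("alg") != "HS256" or not sig_ok:
        return False
    if claims.get("iss") != ISSUER or AUDIENCE not in as_list(claims.get("aud")):
        return False
    # The audience is identical for every API, so the scope check is what
    # stops a token issued for one API from being accepted by another.
    return required_scope in as_list(claims.get("scope"))
```

Each API calls `authorize` with its own scope name, so a token carrying only `api1` is rejected by the API that requires `api2` even though both see the same `aud`.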