golang-jwt / jwt

Go implementation of JSON Web Tokens (JWT).
https://golang-jwt.github.io/jwt/
MIT License
6.98k stars, 335 forks

Add Azp claim interface #366

Closed mjudeikis closed 1 month ago

mjudeikis commented 9 months ago

This adds the azp (authorized party) claim to the Claims.

We ran into an issue where, when using OpenID, this field comes up very often. It's not part of the JWT spec, but it is part of OpenID (https://openid.net/specs/openid-connect-core-1_0.html#IDToken), especially in Azure AAD and Auth0 when doing nested OIDC providers. And we are not fully able to validate claims, as depending on which authorization method you use they are mixing the aud and azp fields 😿

This is very similar to https://github.com/golang-jwt/jwt/pull/352

mjudeikis commented 9 months ago

cc: @oxisto

oxisto commented 7 months ago

Unfortunately, we cannot accept new claims in the Claims interface, because this is not backwards compatible. I would suggest using a custom claim that embeds one of the standard claims, as can be seen in this example: https://github.com/golang-jwt/jwt/blob/6bcdd9d5b6ecb03a80ac123d1a9dc363441cbffe/example_test.go#L37-L40

mfridman commented 7 months ago

I think this class of issues is one of the most common. We should probably update the README.md and the docs site (maybe an FAQ) to explicitly call it out with a copy/paste example.

oxisto commented 1 month ago

Closing this, as unfortunately we cannot add this to the standard claims interface. As mentioned above, however, it is fairly easy to just create a custom OpenID claim based on our JWT standard claims.

mjudeikis commented 1 month ago

Makes sense :) thanks