Closed mjudeikis closed 1 month ago
cc: @oxisto
Unfortunately, we can not accept new claims to the Claims interface, because this is not backwards compatible. I would suggest using a custom claim that embeds one of the standard claims, as can be seen in this example: https://github.com/golang-jwt/jwt/blob/6bcdd9d5b6ecb03a80ac123d1a9dc363441cbffe/example_test.go#L37-L40
I think this class of issues is one of the most common. We should probably update the README.md and the docs site (maybe an FAQ) to explicitly call it out with a copy/paste example.
Closing this, as unfortunately we cannot add this into the standard claims interface. As mentioned above, however, it is fairly easy to just create a custom OpenID claim based on our JWT standard claims.
Makes sense :) thanks
This adds azp (authorized party) claim to the Claims.
We ran into the issue where using OpenID this field comes up very often. It's not part of JWT spec, but it is part of OpenID (https://openid.net/specs/openid-connect-core-1_0.html#IDToken). Especially in Azure AAD and Auth0. When doing nested OIDC providers. And we are not fully able to validate claims as depending on which authorization method you use they are mixing aud and azp fields 😿
This is very similar to https://github.com/golang-jwt/jwt/pull/352
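The custom-claim approach suggested in the replies, applied to the aud/azp mix described in the PR, as an added example that is not part of this thread or of the golang-jwt code base. It enforces the ID Token validation rules from OpenID Connect Core strictly: the client must appear in aud, azp must be present when aud has several entries, and azp, when present, must be this client. Assumptions: BaseClaims is a local stand-in for the library's standard claims type so the block builds with the standard library alone, and the names OIDCClaims, CheckParty and the payloads are hypothetical.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Audience accepts both JSON forms of "aud": one string or an array of strings.
type Audience []string
func (a *Audience) UnmarshalJSON(b []byte) error {
	var one string
	if json.Unmarshal(b, &one) != nil {
		return json.Unmarshal(b, (*[]string)(a)) // not a string, so expect an array
	}
	*a = Audience{one}
	return nil
}

// BaseClaims is a local stand-in (assumption) for the library's standard claims.
type BaseClaims struct{ Audience Audience `json:"aud"` }
// OIDCClaims embeds the standard claims and carries azp as a custom claim.
type OIDCClaims struct {
	BaseClaims
	AuthorizedParty string `json:"azp"`
}

// CheckParty applies the aud/azp checks to an already signature-verified payload.
func CheckParty(payload []byte, clientID string) error {
	var c OIDCClaims
	if err := json.Unmarshal(payload, &c); err != nil {
		return err
	}
	listed := false
	for _, a := range c.Audience {
		listed = listed || a == clientID
	}
	switch {
	case !listed:
		return fmt.Errorf("client %q is not in aud", clientID)
	case len(c.Audience) > 1 && c.AuthorizedParty == "":
		return fmt.Errorf("aud has %d entries but azp is missing", len(c.Audience))
	case c.AuthorizedParty != "" && c.AuthorizedParty != clientID:
		return fmt.Errorf("azp %q is not this client", c.AuthorizedParty)
	}
	return nil
}

func main() { // constructed payload: app-a is in aud, but azp names app-b
	fmt.Println(CheckParty([]byte(`{"aud":["app-a","app-b"],"azp":"app-b"}`), "app-a"))
}
```

With golang-jwt itself, the embedded type would be the library's own standard claims (jwt.RegisteredClaims in current releases), as in the example linked in the first reply.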