otto-de / api-guidelines

A set of rules to build consistent and high quality REST and Async APIs at OTTO.
https://api.otto.de/portal/guidelines
Creative Commons Attribution 4.0 International

[update] remove rule MUST NOT validate audience of the JSON Web Token #30

Open BirgitBader opened 1 year ago

BirgitBader commented 1 year ago

(i) This issue has been manually transferred from a former internal repository, as a private repository issue cannot be transferred to a public repository.

Context

The rule describes how the "aud" claim is used within api.otto.de. The usage and validation of the "aud" claim can make sense for other OAuth2 processes.

Instead of having a rule, we should improve api.otto.de's documentation of the OAuth2 server, as this rule is tightly bound to how api.otto.de's OAuth2 server works.
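For readers who want to see what the "aud" check discussed above looks like in a generic OAuth2 resource server (the case the comment says validation can make sense for), here is an added example. It is not code from the otto-de/api-guidelines project, nor a description of how api.otto.de's OAuth2 server works; the HS256 secret, the audience URIs and all claim values are constructed for the demo, and a real resource server would obtain the verification key from its authorization server instead of hard-coding one.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed demo secret (assumption for this example only). In practice the
# resource server gets the signing key from the authorization server, e.g. via JWKS.
DEMO_SECRET = b"constructed-demo-secret-not-for-production"


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def make_hs256_token(claims: dict, secret: bytes) -> str:
    """Mint a compact-serialised HS256 JWT so the example has realistic input."""
    header = {"alg": "HS256", "typ": "JWT"}
    compact = lambda obj: json.dumps(obj, separators=(",", ":")).encode()
    signing_input = f"{_b64url_encode(compact(header))}.{_b64url_encode(compact(claims))}"
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url_encode(sig)}"


class TokenRejected(Exception):
    """Raised when a token must not be accepted; the message names the reason."""


def verify_token(token: str, secret: bytes, expected_audience: str,
                 now: Optional[float] = None) -> dict:
    """Verify signature, expiry and audience; return the claims on success."""
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenRejected("malformed token")
    header_b64, payload_b64, sig_b64 = parts

    # Pin the algorithm: never let the token's header pick a weaker or "none" alg.
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":
        raise TokenRejected("unexpected alg")

    expected_sig = hmac.new(secret, f"{header_b64}.{payload_b64}".encode("ascii"),
                            hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, _b64url_decode(sig_b64)):
        raise TokenRejected("bad signature")

    claims = json.loads(_b64url_decode(payload_b64))
    current = time.time() if now is None else now
    if "exp" in claims and current >= claims["exp"]:
        raise TokenRejected("expired")

    # RFC 7519 allows "aud" to be a single string or an array of strings.
    # Requiring the claim at all is a resource-server policy choice made here.
    aud = claims.get("aud")
    if aud is None:
        raise TokenRejected("missing aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if expected_audience not in audiences:
        # A valid token issued for another API must not be accepted here.
        raise TokenRejected("audience mismatch")
    return claims


def token_status(token: str, secret: bytes, expected_audience: str,
                 now: Optional[float] = None) -> str:
    """Convenience wrapper: 'accepted' or the rejection reason as a string."""
    try:
        verify_token(token, secret, expected_audience, now=now)
        return "accepted"
    except TokenRejected as exc:
        return str(exc)


if __name__ == "__main__":
    orders_api = "https://api.example.test/orders"      # constructed audience
    payments_api = "https://api.example.test/payments"  # constructed audience
    tok = make_hs256_token({"sub": "user-1", "aud": orders_api, "exp": 2_000_000_000},
                           DEMO_SECRET)
    print(token_status(tok, DEMO_SECRET, orders_api, now=1_700_000_000))    # accepted
    print(token_status(tok, DEMO_SECRET, payments_api, now=1_700_000_000))  # audience mismatch
```

The two calls at the end show the point of the claim: the same correctly signed, unexpired token is accepted by the API it was issued for and rejected by a sibling API, which is what audience validation buys a resource server that shares an authorization server with other services.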

BirgitBader commented 1 year ago

Relates to https://github.com/otto-ec/ottoapi_portal/issues/1950