skolverket / dnp-usermanagement

The Swedish National Agency for Education implements digital national assessments (DNP). This library includes API specifications and documentation for DNP user lifecycle management

Audience in JWT Token #18

Open mattiasmelin opened 3 days ago

mattiasmelin commented 3 days ago

According to https://github.com/skolverket/dnp-usermanagement/blob/main/authentication-api/README.md#verifiering-av-jwt-som-skickas-fr%C3%A5n-provtj%C3%A4nstens-ss12000-klient the audience should be "nutid"

"aud": "nutid",

Is this correct?

When we get a call from the test environment it seems to have some other audience. I cannot see the audience at the moment since we do not log the JWT token.

mattiasmelin commented 2 days ago

Apparently it was using "nutid test".

Ignore previous comment about wrong authorization server, I removed it.

nighal commented 2 days ago

The server URL for the test environment of the authorization server is https://nutid-auth-test.sunet.se, that's the reason why the issuer is set to https://nutid-auth-test.sunet.se. At the moment we are not using the "aud" claim. We might use it in the future to specify which client (organisation) the JWT is intended for.

mattiasmelin commented 2 days ago

We have a check for allowed "aud" claims. Does this mean it can change at any time?
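The allow-list check discussed in this thread, as an added example that is not part of the project's code: it validates the claims of a JWT whose signature has already been verified by a JOSE library, accepts either audience value mentioned above, treats "aud" as a string or an array as RFC 7519 allows, and can be switched to tolerate a missing "aud" while the authorization server does not set it. The issuer and audience values come from the thread; the function names and the policy shape are assumptions.

```python
import base64
import json
import time

# Values quoted in the thread above; everything else here is constructed.
TRUSTED_ISSUERS = {"https://nutid-auth-test.sunet.se"}
ALLOWED_AUDIENCES = {"nutid", "nutid test"}


def _b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the padding JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def parse_claims(token: str) -> dict:
    """Return the payload of a compact JWS. Signature verification is assumed
    to have been done by the caller's JOSE library before this runs."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    return json.loads(_b64url_decode(parts[1]))


def validate_claims(claims: dict, trusted_issuers=TRUSTED_ISSUERS,
                    allowed_audiences=ALLOWED_AUDIENCES,
                    require_aud: bool = True, now=None) -> list:
    """Return the list of policy violations; an empty list means accepted."""
    now = time.time() if now is None else now
    problems = []
    if claims.get("iss") not in trusted_issuers:
        problems.append("issuer not trusted: %r" % claims.get("iss"))
    # RFC 7519: "aud" is a string or an array of strings, and may be absent.
    aud = claims.get("aud")
    if aud is None:
        if require_aud:
            problems.append("aud claim missing")
    else:
        auds = [aud] if isinstance(aud, str) else list(aud)
        if not any(a in allowed_audiences for a in auds):
            problems.append("no accepted audience in %r" % auds)
    exp = claims.get("exp")
    if exp is None or now >= exp:
        problems.append("token expired or has no exp")
    return problems
```

Setting require_aud=False is the pragmatic choice while the server omits the claim; flip it back once the "aud" values are documented so a token minted for another client is rejected.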