Client authentication using client_secret_jwt method #513

anuthamako · 2022-08-08T04:43:08Z

anuthamako
Aug 8, 2022

Up till the openid-client version 4.5.1, the JWT created for auth assertion, contained "aud" with string value post which it is changed to an object. However the standard documentation states that it should contain the URL
(which I assume is a string). Post the change is made, I am facing 400 Bad request. May I know why was it changed and how can I overcome it?

Answered by panva

Aug 8, 2022

The aud claim being an array is well within spec. You should reach out to the operator of your authorization server to fix their implementation.

Otherwise you may use the clientAssertionPayload extra option on the callback method to pass whatever aud claim value you want.

View full answer

panva · 2022-08-08T09:41:34Z

panva
Aug 8, 2022
Maintainer

The aud claim being an array is well within spec. You should reach out to the operator of your authorization server to fix their implementation.

Otherwise you may use the clientAssertionPayload extra option on the callback method to pass whatever aud claim value you want.

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Client authentication using client_secret_jwt method #513

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Replies: 1 comment

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

Uh oh!

Client authentication using client_secret_jwt method #513

Uh oh!

Uh oh!

anuthamako Aug 8, 2022

Replies: 1 comment

Uh oh!

panva Aug 8, 2022 Maintainer

anuthamako
Aug 8, 2022

panva
Aug 8, 2022
Maintainer