[policy] [jwt] Using the aud field as a fallback for application reference #1235
When an Endpoint uses the JWT plan, if there is no client_id field, Gravitee could use the aud field. This field is a standard in JWT.
Calling an endpoint with a jwt plan with no client_id in it. Gravitee will look into the aud field and validate or not the request.
Calling an endpoint with a jwt plan with no client_id returns a 401 error, access_denied.
I'm trying to provide a secure way to call APIs via jwt authentication. I get a generic Identity Server (WSO2) that generates a jwt for a user. The client_id is written in the aud field and not in a client_id field.
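The fallback requested above, sketched as an added example (not Gravitee's code and not part of the original issue): the claims are read only after the signature is verified, `client_id` wins when present, and `aud` is accepted in either form RFC 7519 allows (a string or an array of strings). The HS256 signing, the function names, the sample key, and the choice to reject a multi-valued `aud` as ambiguous are assumptions of this sketch.

```python
import base64, hashlib, hmac, json

def b64d(seg):
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_token(claims, key):
    """Build a constructed HS256 sample token (demo helper only)."""
    signing_input = b64e(b'{"alg":"HS256","typ":"JWT"}') + "." + b64e(json.dumps(claims).encode())
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64e(sig)

def verified_claims(token, key):
    """Return the claims dict only if the HS256 signature is valid, else None."""
    try:
        head, body, sig = token.split(".")
        header = json.loads(b64d(head))
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None  # pin the algorithm; never trust the header's choice
        expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(b64d(sig), expected):
            return None
        claims = json.loads(b64d(body))
    except ValueError:
        return None  # wrong segment count, bad base64 or bad JSON
    return claims if isinstance(claims, dict) else None

def resolve_client_id(claims):
    """client_id if present, otherwise a single-valued aud; None means reject (401)."""
    cid = claims.get("client_id")
    if isinstance(cid, str) and cid:
        return cid
    aud = claims.get("aud")  # RFC 7519: a string or an array of strings
    if isinstance(aud, list) and len(aud) == 1:
        aud = aud[0]
    return aud if isinstance(aud, str) and aud else None

def client_id_from_token(token, key):
    claims = verified_claims(token, key)
    return resolve_client_id(claims) if claims is not None else None

KEY = b"constructed-demo-key"  # constructed sample secret
if __name__ == "__main__":
    for c in ({"sub": "alice", "aud": "app-123"}, {"aud": ["app-123", "other"]}):
        print(c, "->", client_id_from_token(make_token(c, KEY), KEY))
```

A token whose `aud` lists several audiences resolves to no application here, because the claim names the intended recipients of the token and does not say which entry, if any, is the calling client.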