You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently the audience is calculated from the app_client_id and the issuer comes from the openId config. It would be really helpful to specify the audience and issuer to validate the token claims instead. Making them additional parameters in the AzureAuthorizationCodeBearerBase setup would be perfect.
Additional context
The way our azure application registration is set up is quite customised and does not give the expected claims. This would allow us to account for this.
Many thanks!
The text was updated successfully, but these errors were encountered:
Hi! Unfortunately, since this is special behavior not defined in the RFCs, I cannot accept such a feature.
Security is my main concern, and changes like these can have unintended side effects.
If you're confident in your design, I would recommend forking the repo and implement it yourself. 😊
Describe the feature you'd like
Hi!
Currently the audience is calculated from the app_client_id and the issuer comes from the openId config. It would be really helpful to specify the audience and issuer to validate the token claims instead. Making them additional parameters in the AzureAuthorizationCodeBearerBase setup would be perfect.
Additional context
The way our azure application registration is set up is quite customised and does not give the expected claims. This would allow us to account for this.
Many thanks!
The text was updated successfully, but these errors were encountered: