-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
oauth2: Reintroduce audience claim #687
Comments
The session seems to persist the request.Form so maybe this can already be done with slight modification of the challenge session persistence? If a request comes to the Side note, it looks like hydra is treating every auth request as an OpenID Connect request? Unless |
Depending on how issue #772 is implemented, this might be rolled up into those changes? |
Yes, that's the case indeed
I'm not quite sure at the moment - is this specified in some spec somewhere? Auth0 is known to bake in some weird custom stuff in their system which is also why they had to basically deprecate all the old APIs.
Kinda, we have handlers which "hook" in functionality based on request parameters. If
Absolutely |
It is not possible to set the audience claim in the consent acceptance payload, and it's not possible to retrieve it using the warden API, nor the introspection API. To add it, it must probably be introduced as part of the session.
The text was updated successfully, but these errors were encountered: