Is there a way to set the audience that is being returned within the context of a rule?
Once a user is authenticated, we may be able to establish they can have access to additional aud values.
I moved this to a new topic for clarity.
No, this isn’t possible. The audience param should reflect a default audience or a requested audience.
If you tell me more about your use case we might be able to figure out another solution. It doesn’t sound like audience would be the right claim for this type of information.
1 Like
Would we be able to control scopes? We can use the requested audience but based on user properties we want to limit the scopes they have.
Generally, you can’t update the standard claims of the token in a rule.
In your case, you should probably add a custom claim to the token.
1 Like
Great thank you - and the custom claim could be added to the access token. Is the access token surfaced as part of the context object (similar to the id token)?
Yes, that is correct.
1 Like
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.