
How to override audience in OpenID Connect token?

Tags: jwt, auth0, id_token, oidc-conformant, access-token

https://tyk.io/docs/integrate/open-id-connect/#step-5-re-open-the-policy-and-add-the-appropriate-data-to-allow-your-id-token-through

I’m trying to integrate Auth0 with Tyk. Tyk’s OpenID Connect support requires the “aud” claim in the JWT to be the client ID. However, Auth0 seems to be able to set “aud” only to the API name (and it cannot be overridden in any way, according to this: https://auth0.com/docs/hooks/concepts/credentials-exchange-extensibility-point#claim-types).

This creates a problem, because Tyk maps the client ID (i.e., “aud” in the JWT) to a policy which controls the rate limiting. It would be wrong to map the API name to a policy, because if the API is shared across multiple partners, then their traffic will be grouped under a single policy (e.g., 3 partners will share the same request limit).

Is there any way to set the “aud” field to a different value?

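The rate-limiting problem described in the post, as an added example that is not part of the original post and not code from Tyk or Auth0. It mints three constructed access tokens (one per partner) whose “aud” is the same API identifier, verifies them with proper audience validation (handling “aud” as either a string or an array, as RFC 7519 allows), and then counts how many tokens fall into each policy bucket when the gateway keys on “aud” versus on a per-client claim. The API identifier, client IDs, issuer and HS256 secret are all made up for the demo; real Auth0 access tokens are RS256-signed and checked against the tenant JWKS. Using the “azp” (authorized party) claim as the per-client key is this example’s assumption, not something the post or Tyk’s documentation proposes.

```python
import base64
import hashlib
import hmac
import json
from collections import Counter

# Constructed values for this demo: in Auth0 the "aud" of an access token is the
# API identifier configured in the dashboard; the client IDs below are made up.
API_IDENTIFIER = "https://orders.example.com"
PARTNER_CLIENT_IDS = ["client-partner-a", "client-partner-b", "client-partner-c"]
# HS256 with a shared secret keeps the example self-contained; Auth0 access tokens
# are normally RS256 and verified against the tenant's JWKS (assumption: demo-only key).
SECRET = b"constructed-demo-secret-do-not-reuse"


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(claims: dict) -> str:
    """Build a compact JWS (header.payload.signature) over the given claims."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = b64url(json.dumps(header).encode()) + "." + b64url(json.dumps(claims).encode())
    sig = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)


def audiences(claims: dict) -> list:
    """'aud' may be a single string or an array (RFC 7519 section 4.1.3); normalise to a list."""
    aud = claims.get("aud", [])
    return [aud] if isinstance(aud, str) else list(aud)


def verify_token(token: str, expected_audience: str) -> dict:
    """Check the signature first, then reject tokens that were not issued for this API."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg: %r" % header.get("alg"))
    expected_sig = hmac.new(SECRET, (header_b64 + "." + payload_b64).encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, b64url_decode(sig_b64)):
        raise ValueError("signature mismatch")
    claims = json.loads(b64url_decode(payload_b64))
    if expected_audience not in audiences(claims):
        raise ValueError("token not intended for %s" % expected_audience)
    return claims


def accepts(token: str, expected_audience: str) -> bool:
    """True if the token verifies and is addressed to expected_audience."""
    try:
        verify_token(token, expected_audience)
        return True
    except ValueError:
        return False


def policy_bucket(claims: dict, key_claim: str) -> str:
    """Return the identifier a gateway would use to pick a rate-limit policy."""
    if key_claim == "aud":
        return audiences(claims)[0]
    value = claims.get(key_claim)
    if not isinstance(value, str):
        raise ValueError("missing or non-string claim %r" % key_claim)
    return value


def bucket_counts(tokens: list, key_claim: str) -> dict:
    """How many of the given (verified) tokens land in each policy bucket under a keying choice."""
    counts = Counter(policy_bucket(verify_token(t, API_IDENTIFIER), key_claim) for t in tokens)
    return dict(counts)


def partner_tokens() -> list:
    # Constructed: one token per partner. "aud" is the API identifier for all three;
    # "azp" (authorized party) carries the calling client's ID. Keying on azp is an
    # assumption of this example, not a Tyk or Auth0 recommendation.
    return [
        mint_token({"iss": "https://tenant.example.auth0.com/", "aud": API_IDENTIFIER,
                    "azp": cid, "sub": cid + "@clients"})
        for cid in PARTNER_CLIENT_IDS
    ]


if __name__ == "__main__":
    tokens = partner_tokens()
    print("keyed by aud:", bucket_counts(tokens, "aud"))  # all partners share one bucket
    print("keyed by azp:", bucket_counts(tokens, "azp"))  # one bucket per partner
```

Keying on “aud” collapses every partner into the single bucket for the API identifier, which is exactly the shared-limit problem the post describes; keying on a per-client claim yields one bucket per partner. Whatever claim the gateway keys on, the signature and audience checks must run first, otherwise a token minted for a different API (or a tampered payload) would select a policy.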