How to override audience in OpenID Connect token?

ran.ju · April 30, 2019, 3:39pm

https://tyk.io/docs/integrate/open-id-connect/#step-5-re-open-the-policy-and-add-the-appropriate-data-to-allow-your-id-token-through

I’m trying to integrate Auth0 with Tyk. Tyk’s OpenID Connect support requires the “aud” claim in JWT token to be the client ID. However, Auth0 seems only able to set “aud” as the API name (and it cannot be overridden in anyway, according to this Client Credentials Exchange).

This creates a problem, because Tyk maps client ID (i.e., “aud” in the JWT token) to a policy which controls the rate limiting. It would be wrong to map API name to a policy, because if the API is shared across multiple partners, then their traffic will be grouped under a single policy (e.g., 3 partners will share the same request limit).

Is there anyway to set the “aud” field to a different value?

konrad.sopala · September 2, 2019, 1:26pm

Hey there!

Sorry for such huge delay in response! We’re doing our best in providing you with best developer support experience out there, but sometimes our bandwidth is not enough comparing to the number of incoming questions.

Wanted to reach out to know if you still require further assistance?

Topic		Replies	Views
Changing audience field for JWT authentication response Help login-experience , new-universal-login-experience	5	3043	January 27, 2023
Tyk interaction issue Help token , jwt , auth0 , integrations	1	4165	November 8, 2019
Auth0.js - not returning the correct audience Help jwt , javascript , audience	2	3911	March 2, 2018
createAuth0Client ignores passed in Audience. Generates JWT with audience of access_token Help angular , jwt , auth0 , spa , auth0-spa-js	4	4438	March 4, 2020
Audience (aud) claim mismatch in the ID token Help	4	7813	February 21, 2020

How to override audience in OpenID Connect token?

Related topics