How to override audience in OpenID Connect token?

ran.ju · April 30, 2019, 3:39pm

https://tyk.io/docs/integrate/open-id-connect/#step-5-re-open-the-policy-and-add-the-appropriate-data-to-allow-your-id-token-through

I’m trying to integrate Auth0 with Tyk. Tyk’s OpenID Connect support requires the “aud” claim in JWT token to be the client ID. However, Auth0 seems only able to set “aud” as the API name (and it cannot be overridden in anyway, according to this Client Credentials Exchange).

This creates a problem, because Tyk maps client ID (i.e., “aud” in the JWT token) to a policy which controls the rate limiting. It would be wrong to map API name to a policy, because if the API is shared across multiple partners, then their traffic will be grouped under a single policy (e.g., 3 partners will share the same request limit).

Is there anyway to set the “aud” field to a different value?

konrad.sopala · September 2, 2019, 1:26pm

Hey there!

Sorry for such huge delay in response! We’re doing our best in providing you with best developer support experience out there, but sometimes our bandwidth is not enough comparing to the number of incoming questions.

Wanted to reach out to know if you still require further assistance?