Keycloak / KEYCLOAK-8641

aud included in the authorization tickets

    Details

    • Epic Link:
    • Sprint:
      Keycloak Sprint 14
    • Story Points:
      3
    • Docs QE Status:
      NEW
    • QE Status:
      NEW

      Description

      As a follow-up to KEYCLOAK-8483, we want to remove applications from the aud claim in the authorization tickets too. As Pedro mentioned:

      We can safely remove the client from the list of audiences in AuthorizationTokenService. If you look at how we are issuing tokens there, you will see that the RS is always included in the list of audiences, as they are always targeted for a particular audience/RS.
       
      Regarding the AbstractPermissionService, we can also safely change the audience to be the issuer. The way it is right now is not correct, given that only the AS/Keycloak should be able to process permission tickets.
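
The audience rules described above, sketched as an added example that is not part of the original issue and is not Keycloak code: a resource server accepts a token only when it is itself named in aud, and the authorization server accepts a permission ticket only when aud is exactly the issuer. The issuer URL, client ids and helper names are constructed for illustration, and the claims are assumed to come from a token whose signature has already been verified.

```python
# Added illustration: audience checks on already signature-verified JWT claims.
# Every identifier below (URL, client ids, function names) is a constructed sample.

ISSUER = "https://sso.example.test/realms/demo"  # hypothetical AS / realm URL


def audiences(claims):
    """Return the aud claim as a set; RFC 7519 allows a single string or an array."""
    aud = claims.get("aud")
    if aud is None:
        return set()
    if isinstance(aud, str):
        return {aud}
    return {a for a in aud if isinstance(a, str)}


def rs_accepts_token(claims, own_client_id, issuer=ISSUER):
    """Resource server side: accept only tokens that name this RS as an audience."""
    return claims.get("iss") == issuer and own_client_id in audiences(claims)


def as_accepts_permission_ticket(claims, issuer=ISSUER):
    """AS side: only the AS processes tickets, so aud must be exactly the issuer."""
    return claims.get("iss") == issuer and audiences(claims) == {issuer}


# Constructed claim sets.
# Token targeted at the resource server only; the requesting client is in azp, not aud.
token_for_rs = {"iss": ISSUER, "aud": "photo-service", "azp": "web-app"}
# Permission ticket whose audience is the issuer itself.
ticket_for_as = {"iss": ISSUER, "aud": ISSUER}
# Permission ticket that names a client as audience; the AS-side check rejects it.
ticket_for_client = {"iss": ISSUER, "aud": ["web-app"]}

if __name__ == "__main__":
    print("RS photo-service accepts token:", rs_accepts_token(token_for_rs, "photo-service"))
    print("client web-app is an audience: ", rs_accepts_token(token_for_rs, "web-app"))
    print("AS accepts issuer-aud ticket:  ", as_accepts_permission_ticket(ticket_for_as))
    print("AS accepts client-aud ticket:  ", as_accepts_permission_ticket(ticket_for_client))
```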
      

                People

                • Assignee:
                  mposolda Marek Posolda
                  Reporter:
                  mposolda Marek Posolda