cyber4EDU/binda
12
1
Fork
You've already forked binda
0

How to handle audience "aud" field in authorization token #72

Closed
opened 2025年09月27日 22:20:53 +02:00 by sven-hm · 2 comments

We currently we don't allow the "aud" field in an authorization token. This leads to the following problems:

  • the default keycloak configuration added an "aud" field and it took us a while to remove it
  • i cannot make oidc-provider-mock produce tokens without "aud" field :/

There are two solutions from my perspective:

  • enforce the "aud" field, e.g. "binda" or "binda-api"
  • ignore it (i.e. allow any value)
We currently we _don't allow_ the "aud" field in an authorization token. This leads to the following problems: - the default keycloak configuration added an "aud" field and it took us a while to remove it - i cannot make oidc-provider-mock produce tokens without "aud" field :/ There are two solutions from my perspective: - enforce the "aud" field, e.g. "binda" or "binda-api" - ignore it (i.e. allow any value)

We have decide "aud" should be configured using an env var, if set it should checked, if not it should be ignored.

We have decide "aud" should be configured using an env var, if set it should checked, if not it should be ignored.
Author
Owner
Copy link

This was broken, but should be fixed with #100

This was broken, but should be fixed with #100
Sign in to join this conversation.
No Branch/Tag specified
main
feat/ui-#31-Config-der-UI-aus-Config-File-ableiten
150_python_client_build
fix_client
fix/ui-new-version-endpoint-8
fix/ui-new-version-endpoint
binda_client_dev
108_absents
fix/mobile-header-tenant-wraps
feat/14-ui-Anzeige-der-Softwareversion-in-der-GUI
oidc_key_handling_and_api_tests_refactor
20-Anzeige-von-Vollmachten-pro-Schueler
23_rust_tests_in_ci
25_api_client
info_ws
test_gitlab_ci
dev
v0.11.0
v0.10.0
v0.9.0
v0.8.0
v0.7.1
v0.7.1-client-dev
v0.7.0-client-dev
v0.7.0
v0.6.0
v0.5.0
v0.4.0
v0.3.0
legacy_0.3.0
legacy_v0.2.0-rc14
legacy_v0.2.0-rc13
legacy_v0.2.0-rc12
legacy_v0.2.0-rc11
legacy_v0.2.0-rc9
legacy_v0.2.0-rc8
legacy_v0.2.0-rc7
legacy_v0.2.0-rc6
legacy_v0.2.0-rc5
legacy_v0.2.0-rc4
legacy_v0.2.0-rc3
legacy_v0.2.0-rc2
legacy_v0.2.0-rc0
legacy_v0.2.0-rc1
legacy_0.2.0
legacy_0.1.2
legacy_0.1.1
legacy_v0.1.0
legacy_0.1.0
legacy_v0.0.1
Milestone
Clear milestone
No items
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
cyber4EDU/binda#72
Reference in a new issue
cyber4EDU/binda
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?