Shibboleth IDP for OAuth2
Florian Ritterhoff
ritterhoff.florian at hm.edu
Fri Aug 12 18:11:03 UTC 2022
Well, generating a new access_token itself is no problem. The "problem"
occurs in case of the desired "OAuth2-access-token" containing
additional claims and the extra audience. Until now I haven't found any
working configuration.
Adding a resource query to the /token endpoint in combination with the
refresh_token only produces the log message:
Profile Action ValidateAudience: Omitting requested but previously
ungranted audience https://api.****** for RP portal-frontend-dev
Obviously that seems to fail. Should that work (maybe even without the
parameter)?
Thanks
Florian Ritterhoff
On 12.08.2022 at 20:06, Cantor, Scott via users wrote:
>> That works fine so far. The only thing I stumbled over is using
>> refresh_tokens. Is there an option/way to create a fresh access_token
>> using a generated refresh_token?
> Yes, that's all supported.
>
> -- Scott
>
>