ValidateAudience: No allowed audience for client
Cantor, Scott
cantor.2 at osu.edu
Tue Jun 7 18:46:13 UTC 2022
On 6/7/22, 2:30 PM, "Schofield, Richie" <Richie.Schofield at netapp.com> wrote:
> I am understanding more clearly now. I can see examples of the SAML metadata specifying an audience in
> the test suites:
There should be an example in the documentation, but I'd have to check.
> I cannot, however, find examples of setting an audience using the oidc-client.json or in the
> OAuthRPMetadataProfile doc.
If it's not in the latter, it's an oversight; I'll have to review the documentation. The JSON approach is just an "audience" claim, same as any other claim; the docs should be saying that. I didn't use "aud" because while it's a match, I didn't want to accidentally overlap with anything they might eventually profile. Granted, "audience" isn't unique either, but I'm not the one who thinks using strings is a safe approach. Broken to start with.
-- Scott