Flask-pyoidc

Token is valid but required audience is missing

Open gautierrog opened this issue 1 year ago • 1 comments

Hello,

I'm implementing token-based authentication in one of my Flask applications. I also use Keycloak.

When the token is being verified, it's expected to have the client id in the aud claim. AFAIK the aud claim is optional, so I'm confused by this requirement.

The message I get: INFO : Token is valid but required audience is missing.

gautierrog, Jun 28 '23 15:06

Okay, I will make it optional in the upcoming version. I missed the line where it says it's optional to enforce. I have checked it now:

https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.3

Until then, you can add your client_id to the audience. In Client scopes, create a token mapper called Audience and add your client_id in the mapper.

Will be fixed in https://github.com/zamzterz/Flask-pyoidc/pull/161

infohash, Jul 02 '23 18:07
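
An added example (not code from Flask-pyoidc or from either poster) of the audience check discussed in this thread, following RFC 7519 section 4.1.3: an absent `aud` is rejected only when the verifier chooses to require it, while an `aud` that is present but does not list the verifier is always rejected. The function name, the `require_aud` flag and the sample claims are assumptions constructed for illustration; the claims are taken to come from a token whose signature has already been verified.

```python
from typing import Any, Mapping


def audience_status(claims: Mapping[str, Any], client_id: str,
                    require_aud: bool = True) -> str:
    """Classify the aud claim of an already signature-verified token.

    Returns "ok", "missing" (no aud claim at all) or "mismatch"
    (aud is present but client_id is not one of its values).
    """
    aud = claims.get("aud")
    if aud is None or aud == "" or aud == []:
        # Enforcing presence is the verifier's policy decision.
        return "missing" if require_aud else "ok"
    # RFC 7519 4.1.3: aud is a single string or an array of strings.
    if isinstance(aud, str):
        audiences = [aud]
    elif isinstance(aud, (list, tuple)):
        audiences = list(aud)
    else:
        return "mismatch"  # malformed claim, never accept
    if not all(isinstance(a, str) for a in audiences):
        return "mismatch"
    # When aud is present, the verifier must find itself in it,
    # regardless of whether presence was required.
    return "ok" if client_id in audiences else "mismatch"


# Constructed sample claims (hypothetical issuer and client names).
NO_AUD = {"iss": "https://idp.example/realms/demo", "sub": "user-1",
          "azp": "my-flask-api"}
WITH_MAPPER = dict(NO_AUD, aud=["account", "my-flask-api"])
OTHER_SERVICE = dict(NO_AUD, aud="another-service")

if __name__ == "__main__":
    for name, claims in [("no aud", NO_AUD), ("mapper", WITH_MAPPER),
                         ("other", OTHER_SERVICE)]:
        print(name,
              audience_status(claims, "my-flask-api"),
              audience_status(claims, "my-flask-api", require_aud=False))
```

For an API that accepts bearer tokens from a shared identity provider, keeping `require_aud=True` and adding the audience mapper prevents a token issued for a different client from being accepted.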