is there a way to specify the audience when making the authorization request? right now it doesn't seem like this library supports it. It's my understanding we need to pass audience to get the access token back as a JWT. Right now i'm getting an opaque string back as the access token, which my api isn't able to parse!
```ts
import { UserManagerSettings } from 'oidc-client';

// Client settings for the implicit flow: the id_token and access token
// come back in the fragment of the redirect_uri.
export function getClientSettings(): UserManagerSettings {
  return {
    authority: 'https://localhost:8080/identityProvider',
    client_id: 'insertclientid',
    redirect_uri: 'https://localhost:4200/auth-callback',
    post_logout_redirect_uri: 'https://localhost:4200/',
    response_type: 'id_token token',
    scope: 'openid profile email',
    filterProtocolClaims: true,
    loadUserInfo: true
  };
}
```
Need the access token as a JWT!
> is there a way to specify the audience when making the authorization request
audience of what? i guess you mean the access token? this is what scope is for.
> It's my understanding we need to pass audience to get the access token back as a JWT
sounds like an incorrect understanding to me. this is what scope is for.
> Right now i'm getting an opaque string back as the access token, which my api isn't able to parse

the format of an access token is a contract between the token server and the API. the client (and consequently the library) has no say in this contract.
Thanks @brockallen - still learning my way through this and the terms :)
So as i understand access tokens can be in 2 formats - opaque strings and JWT. I am getting back this from my IDP
https://localhost:4200/auth-callback#access_token=OqSd2Beb3aF0d9gRudGlQ4Aua&id_token=xxx.yyy.zzz (this id jwt token does actually come back properly - removed for brevity).
My main question is how do i get back a JWT access token -- if i understand you correctly, identity provider configuration is responsible for this format?
> My main question is how do i get back a JWT

I think your main question is "how in my API do I validate the JWT?". Again, check with your token service. If it's a JWT you can use off the shelf JWT libraries. If it's a reference token then typically you'd use introspection: https://tools.ietf.org/html/rfc7662.
Again, none of this has anything to do with the client application (and this library).
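The two cases named in the reply above, seen from the API side, as an added example that is not part of the original thread or the library's code: it tells a JWT-shaped access token from an opaque one, and for the opaque case builds the RFC 7662 introspection request body and evaluates the response. Function names and the sample JWT are constructed; the shape check only selects a validation path and is not signature validation.

```javascript
// Added example (Node.js). All function names here are hypothetical.

// Decode one base64url segment into a JSON object, or null if it is not one.
function decodeSegment(segment) {
  if (!/^[A-Za-z0-9_-]+$/.test(segment)) return null;
  try {
    const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
    const value = JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
    return value !== null && typeof value === 'object' ? value : null;
  } catch (err) {
    return null; // not JSON, so not a JWT header or payload
  }
}

// 'jwt' only when there are three segments, the first two decode to JSON
// objects and the header names an algorithm. Everything else is 'opaque'.
// A 'jwt' result still needs signature and claim validation by a JWT library.
function classifyAccessToken(token) {
  const parts = token.split('.');
  if (parts.length !== 3) return 'opaque';
  const header = decodeSegment(parts[0]);
  const payload = decodeSegment(parts[1]);
  return header && typeof header.alg === 'string' && payload ? 'jwt' : 'opaque';
}

// RFC 7662 section 2.1: form-encoded body POSTed to the introspection endpoint.
// The API must also authenticate itself to that endpoint (not shown here).
function buildIntrospectionBody(token) {
  return new URLSearchParams({ token, token_type_hint: 'access_token' }).toString();
}

// RFC 7662 section 2.2: accept only when "active" is exactly true and the
// space-separated "scope" member contains the scope this API requires.
function acceptIntrospection(response, requiredScope) {
  if (!response || response.active !== true) return false;
  const scopes = typeof response.scope === 'string' ? response.scope.split(' ') : [];
  return scopes.includes(requiredScope);
}

// Constructed sample JWT (placeholder signature) for comparison with the
// opaque token shown in the thread.
const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const sampleJwt = [b64url({ alg: 'RS256', typ: 'JWT' }),
  b64url({ sub: 'constructed-user' }), 'c2lnbmF0dXJl'].join('.');

console.log(classifyAccessToken('OqSd2Beb3aF0d9gRudGlQ4Aua')); // opaque
console.log(classifyAccessToken(sampleJwt));                   // jwt
```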
My API is already validating bearer tokens, it expects a JWT. I'm not getting a JWT access token so my API is throwing exceptions because it expects a JWT, as i'm using this library to set the access token on the header in my rest api call. So, i'm not asking how does my API validate because it already is -- the api just isn't getting passed an access token in JWT format from the client SPA. So again, my question was around if you knew how to get the access token back as a JWT, so i can properly use this library to add it on my rest api call. I will go elsewhere as it seems like it's not specific to this library as you mentioned. thanks.
As I said, that's something you need to configure with your token server. I can't help you with that.
@makaster quite late now probably, you need to pass the audience as a Dictionary