Technical Forum
Ask questions. Discover Answers.
cancel
Showing results for 
Search instead for 
Did you mean: 

F5 APM Oauth authorisation server openID userinfo

AlexS_yb
Cirrostratus
Cirrostratus

Hi

Wondering how I add a AZP field to a userinfo request.

I have audiences added and seems like the developer lib they are using need a AZP if there are multiple entires in a audience field on a userinfo request !

I would rather send JWK than json's

 

1 REPLY 1

This is what we have been working off

https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation 

 

point #4

If the ID Token contains multiple audiences, the Client SHOULD verify that an azp Claim is present.

F5 APM is sending userinfo JSON/JWT with aud with multiple values - but no AZP