What value in JWT is adopted as the client id on 3scale

Solution Verified - Updated -

Issue

  • We have a 3scale instance that'll be processing JWT OIDC tokens generated by a third-party. Does 3scale handle situations where there are multiple entries in the AUD claim?
    Future JWT tokens will look something like this:
{
  "permissions": [
    {
      "resource_id": "90ccc6fc-b296-4cd1-881e-089e1ee15957",
      "resource_name": "Hello World Resource"
    }
  ],
  "exp": 1465314139,
  "nbf": 0,
  "iat": 1465313839,
  "aud": ["abcde","12345"],
  "active": true
}

If this token is sent to a 3scale API endpoint that's configured for OIDC and the Client ID is set to 12345 on the 3scale side (under the API Credentials section), will this token be honored?

Environment

  • Red Hat 3scale API Management 2.4.0 On-Premises

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content