What value in JWT is adopted as the client id on 3scale

Solution Verified - Updated -

Issue

  • We have a 3scale instance that'll be processing JWT OIDC tokens generated by a third-party. Does 3scale handle situations where there are multiple entries in the AUD claim?
    Future JWT tokens will look something like this:
{
  "permissions": [
    {
      "resource_id": "90ccc6fc-b296-4cd1-881e-089e1ee15957",
      "resource_name": "Hello World Resource"
    }
  ],
  "exp": 1465314139,
  "nbf": 0,
  "iat": 1465313839,
  "aud": ["abcde","12345"],
  "active": true
}

If this token is sent to a 3scale API endpoint that's configured for OIDC and the Client ID is set to 12345 on the 3scale side (under the API Credentials section), will this token be honored?

Environment

  • Red Hat 3scale API Management 2.4.0 On-Premises

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In