New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ID token azp
claim should not be required if aud
is single value array
#6618
Labels
Bug
For general bugs on Jetty side
Comments
agavrilov76
changed the title
ID token Aug 14, 2021
azp
claim should not be required If audience of ID token is since value arrayazp
claim should not be required aud
is single value array
agavrilov76
changed the title
ID token
ID token Aug 14, 2021
azp
claim should not be required aud
is single value arrayazp
claim should not be required if aud
is single value array
lachlan-roberts
added a commit
that referenced
this issue
Aug 16, 2021
…rray Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
It looks like you're sending the I have put up PR to fix (see #6620). |
lachlan-roberts
added a commit
that referenced
this issue
Aug 17, 2021
…ic method. Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
lachlan-roberts
added a commit
that referenced
this issue
Aug 18, 2021
…rray Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
lachlan-roberts
added a commit
that referenced
this issue
Aug 18, 2021
…ic method. Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
lachlan-roberts
added a commit
that referenced
this issue
Aug 18, 2021
Issue #6618 - azp claim should not be required for single value aud array
lachlan-roberts
added a commit
that referenced
this issue
Aug 18, 2021
Issue #6618 - azp claim should not be required for single value aud array (jetty-9.4)
Fixed in both 9.4.x branch and 10/11.0.x branches. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Jetty version(s)
9,10,11
Java version/vendor
(use: java -version)
N/A
OS type/version
N/A
Description
If audience of an ID token is an array containing a single value, the
azp
claim should not be required.https://openid.net/specs/openid-connect-core-1_0.html#IDToken
How to reproduce?
A sample ID token:
eyJraWQiOiIxIiwiYWxnIjoiUlMyNTYifQ.eyJhY3IiOiIxIiwic3ViIjoiNTg5ODQyMjA1MzgyMzg0ODQ0OCIsImF1ZCI6WyJ0ZWxlbm9yZGlnaXRhbC1kb2Jwb3J0YWx0ZWxlbm9yaWQtd2ViIl0sImF1dGhfdGltZSI6MTYyODk0ODA2NywiYW1yIjpbIlNTTyJdLCJpc3MiOiJodHRwczpcL1wvc2lnbmluLnRlbGVub3JpZC1zdGFnaW5nLmNvbVwvb2F1dGgiLCJ0ZF9zbHMiOmZhbHNlLCJleHAiOjE2Mjg5NTI5MzgsImlhdCI6MTYyODk0OTAzOH0.hKSYTSxJj3vzqKrvjDGqu45hrYnrnKTRrh9BmoGUADO48OGkh0GC9H2Qm529qi8iQKO5PXK6qc1lnDpfX8xv0zmwYSPJHwRrtFEXjNLrEIsuTdtrK59Tf7t7LXdxduZI95YfWtEqbPQ7EO-ykDCQev44pE0ry4IvrsFRYUyf7HU
causes the following exception:
The text was updated successfully, but these errors were encountered: