Add audience or Resource

Question

Add audience or Resource

vitalybrandes opened this issue 8 months ago · comments

IF YOU DON'T ANSWER THIS TEMPLATE - THE BOT WILL AUTOMATICALLY CLOSE YOUR ISSUE!

I found some new identity provide kinde,
to get audience they asking to send the audience in request
https://kinde.com/docs/build/get-access-token-for-connecting-securely-to-kindes-api/#get-the-access-token-postman-example

Is it possible?

Geert van Horrik · Answer 1 · Wed Nov 29 2023 19:05:01 GMT+0800 (China Standard Time)

@alexfdezsauco ?

Igr Alexánder Fernández Saúco · Answer 2 · Wed Nov 29 2023 21:47:07 GMT+0800 (China Standard Time)

To the best of our knowledge of the protocol, the audience is requested using the Scope parameter from the configuration. We support request audience in this way from the configuration "Scope": "openid profile %API-NAME%". For details, take a look at the demo or the readme.md file. We don't have support for this configuration using audience value as a URL.

Vitaly · Answer 3 · Wed Dec 20 2023 01:26:18 GMT+0800 (China Standard Time)

To the best of our knowledge of the protocol, the audience is requested using the Scope parameter from the configuration. We support request audience in this way from the configuration "Scope": "openid profile %API-NAME%". For details, take a look at the demo or the readme.md file. We don't have support for this configuration using audience value as a URL.

Can i some how to extent current to support audience?

I am using logto.io for user Auth.
logto.io request "audience" or "Resource" to get access_token.
https://docs.logto.io/docs/recipes/protect-your-api/spring-boot/#configure-application

Vitaly · Answer 4 · Wed Dec 20 2023 02:55:53 GMT+0800 (China Standard Time)

There ia allot of issue regarding the same in Auth0.
Using there is some solution AdditionalProviderParameters in AddOidcAuthentication
builder.Services.AddOidcAuthentication(options =>
{
options.ProviderOptions.AdditionalProviderParameters.Add("resource", builder.Configuration["Auth0:Audience"]);
}

https://community.auth0.com/t/blazor-webassembly-apps-with-multiple-audience/70736

Gao Sun · Answer 5 · Mon Dec 25 2023 17:05:09 GMT+0800 (China Standard Time)

Logto leverages RFC 8707 for resources. So an extra resource parameter is required for the code flow.

Vitaly · Answer 6 · Fri Dec 29 2023 02:41:53 GMT+0800 (China Standard Time)

@alexfdezsauco
Can you please check the gao-sun pill request?
Thanks

Geert van Horrik · Answer 7 · Fri Dec 29 2023 02:56:40 GMT+0800 (China Standard Time)

@alexfdezsauco I quickly reviewed, looking forward to hear what you think. As long as this doesn't break existing flow for Keycloak, I don't mind adding this when there are unit tests covering this scenario and the docs are updated.

Igr Alexánder Fernández Saúco · Answer 8 · Fri Dec 29 2023 23:24:57 GMT+0800 (China Standard Time)

Sorry for the delay, let me check.

Geert van Horrik · Answer 9 · Wed Jan 31 2024 16:02:40 GMT+0800 (China Standard Time)

@vitalybrandes @gao-sun Just released 1.9.0-beta1 to NuGet. Can you please double check it works for you? Then we can release as stable.

Gao Sun · Answer 10 · Wed Jan 31 2024 16:29:12 GMT+0800 (China Standard Time)

@vitalybrandes @gao-sun Just released 1.9.0-beta1 to NuGet. Can you please double check it works for you? Then we can release as stable.

Sure will check it soon.

Gao Sun · Answer 11 · Wed Jan 31 2024 17:42:04 GMT+0800 (China Standard Time)

@GeertvanHorrik I can confirm the new options work as expected. Now we can fetch a JWT access token from Logto:

I'll write a tutorial soon.