Bearer JWT client authentication and access token issued by authorization server

Çağlar Arlı

An authorization server issues an access token with issuer details that are exposed in a well-known API of that server. This server uses client authentication JWT tokens with clients configured. These JWT tokens are sent as part of a request from clients to the authorization server, and one of their claims is the audience, set to the authorization server's URL and port.

Should the well-known API have the same issuer URL (access token) details as the audience in the client authentication JWT, or can the JWT audience be a different URL with the port of the authorization server?

Payload of client authentication JWT

{
  "aud": "https://server:port"
}

Payload of access token JWT

{
  "iss": "https://server/address/abc"
}
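
Added example, not part of the original post: RFC 7523 requires the "aud" of a client authentication JWT to identify the authorization server and allows the token endpoint URL as a value, so the server-side check is an exact string match against the audience values the server is configured to accept. The metadata values, port 8443 and all function names below are constructed for illustration.

```python
import base64
import json

# Constructed authorization server metadata, shaped like an RFC 8414
# well-known document. Host, port and paths are placeholders.
AS_METADATA = {
    "issuer": "https://server/address/abc",
    "token_endpoint": "https://server:8443/address/abc/token",
}

def accepted_audiences(metadata, extra=()):
    """Audience values this server accepts in a client assertion.

    Assumption: the deployment accepts its issuer identifier and its
    token endpoint URL, plus any explicitly configured extra values.
    """
    return {metadata["issuer"], metadata["token_endpoint"], *extra}

def payload_claims(jwt):
    """Decode the payload segment only. Signature verification is a
    separate step that must succeed before the claims are trusted."""
    segment = jwt.split(".")[1]
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def audience_ok(claims, accepted):
    """RFC 7519 allows "aud" to be one string or an array of strings.
    Values are compared as exact strings, with no URL normalization."""
    aud = claims.get("aud")
    values = [aud] if isinstance(aud, str) else aud
    if not isinstance(values, list) or not values:
        return False
    return any(isinstance(v, str) and v in accepted for v in values)

def make_unsigned_jwt(claims):
    """Build a constructed, unsigned sample token for the demonstration."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'typ': 'JWT'})}.{enc(claims)}."

if __name__ == "__main__":
    strict = accepted_audiences(AS_METADATA)
    with_port = accepted_audiences(AS_METADATA, extra=["https://server:8443"])
    claims = payload_claims(make_unsigned_jwt({"aud": "https://server:8443"}))
    print(audience_ok(claims, strict))     # False
    print(audience_ok(claims, with_port))  # True
```

A bare host-and-port audience is accepted only when the server lists that exact string; it is never matched against the issuer by URL similarity.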