

@mjudeikis mjudeikis commented Dec 14, 2023

This adds azp (authorized party) claim to the Claims.

We ran into the issue where, using OpenID, this field comes up very often. It's not part of the JWT spec, but it is part of OpenID (https://openid.net/specs/openid-connect-core-1_0.html#IDToken), especially in Azure AAD and Auth0 when doing nested OIDC providers. And we are not fully able to validate claims, as depending on which authorization method you use they are mixing aud and azp fields 😿

This is very similar to #352

@mjudeikis (Author)

cc: @oxisto

@oxisto (Collaborator) commented Jan 26, 2024

Unfortunately, we cannot accept new claims to the Claims interface, because this is not backwards compatible. I would suggest using a custom claim that embeds one of the standard claims, as can be seen in this example:

jwt/example_test.go, lines 37 to 40 in 6bcdd9d:

```go
type MyCustomClaims struct {
	Foo string `json:"foo"`
	jwt.RegisteredClaims
}
```
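The embedding pattern suggested above, carried through to the azp case from the PR description, as an added example that is not part of this thread or of golang-jwt. It assumes a minimal stand-in for jwt.RegisteredClaims so it runs on the standard library alone (with the real library you would embed jwt.RegisteredClaims, whose Audience type jwt.ClaimStrings also accepts a single string, and fill the struct via jwt.ParseWithClaims); ValidateForClient applies the OIDC Core ID Token rules for aud and azp after signature verification.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// RegisteredClaims is an assumed stand-in for jwt.RegisteredClaims (only the
// fields used here); with golang-jwt, embed the real type and use jwt.ParseWithClaims.
type RegisteredClaims struct {
	Subject  string   `json:"sub,omitempty"`
	Audience []string `json:"aud,omitempty"`
}

// OpenIDClaims adds the OIDC "azp" (authorized party) claim by embedding the
// standard claims, the pattern suggested in the thread.
type OpenIDClaims struct {
	AuthorizedParty string `json:"azp,omitempty"`
	RegisteredClaims
}

func ParseOpenIDClaims(payload []byte) (OpenIDClaims, error) {
	var c OpenIDClaims
	err := json.Unmarshal(payload, &c)
	return c, err
}

// ValidateForClient applies the OIDC Core ID Token audience rules: aud must hold
// clientID, several audiences require azp, and azp (if present) must equal clientID.
func ValidateForClient(c OpenIDClaims, clientID string) error {
	found := false
	for _, aud := range c.Audience {
		found = found || aud == clientID
	}
	switch {
	case !found:
		return errors.New("aud does not contain this client")
	case len(c.Audience) > 1 && c.AuthorizedParty == "":
		return errors.New("multiple audiences but no azp claim")
	case c.AuthorizedParty != "" && c.AuthorizedParty != clientID:
		return errors.New("azp names a different client")
	}
	return nil
}

func main() {
	c, _ := ParseOpenIDClaims([]byte(`{"sub":"u1","aud":["api","app"],"azp":"app"}`)) // constructed
	fmt.Println(ValidateForClient(c, "app"), ValidateForClient(c, "api"))
}
```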

@mfridman (Member)

I think this class of issues is one of the most common. We should probably update the README.md and the docs site (maybe an FAQ) to explicitly call it out with a copy/paste example.

@oxisto (Collaborator) commented Jul 23, 2024

Closing this, as unfortunately we cannot add this into the standard claims interface. As mentioned above, however, it is fairly easy to just create a custom OpenID claim based on our JWT standard claims.

@oxisto oxisto closed this Jul 23, 2024
@mjudeikis (Author)

makes sense :) thanks
