Aud(ience) is not verified #40
Comments
|
@spawn-guy Thank you for your issue and proposing solution. |
tokusumi
added
enhancement
|
@tokusumi Hi! I just upgraded to 0.4.0. I'm using auth0 and I see that I understand this will essentially validate the client ID that is trying to authenticate. Now, what if there are multiple valid client IDs we want to authenticate against? One scenario I could see: An android app, an iOS app and an electron app all three with different client IDs, trying to auth against the same endpoint. This is a bit confusing and not made clear in the docs (it just says "audience"). WDYT? |
|
@jleclanche you need to validate against server keys, not the client keys. Client gives you a token, and server validates that it can accept the token. The token is valid an the token allows access to this server. |
|
@spawn-guy Thanks for the pointers. I think this could use some examples for auth0; I will try to figure out how to do it properly. |
i can't seem to find an audience (and the rest params) verifier.
it seems that only signature is verified
i see a
decodemethod that should do all that and get the needed information back here https://github.com/mpdavis/python-jose/blob/master/jose/jwt.py#L57can this be used?
The text was updated successfully, but these errors were encountered: