Audience Server

Sorry for the question
But what exactly is an audience server, or only audience?
Seems to be related to the Authorization Server.
Is it some kind of log?
Or an auditor server?

Can I access it in the admin console?

Thanks
Nelson Gomes

The audience is the resource/server that the access token is intended for. If you are working on an OAuth/authorization use case, you will need to validate the ‘aud’ claim in the token to ensure that the token that was received is intended to be used by the accessed resource.

More details about the Audience claim are in the JWT RFC: rfc7519

If you are using the Org Authorization server (https://org.okta.com/oauth2/v1/authorize, etc), the audience will be the client_id. If you are using a Custom Authorization Server (https://org.okta.com/oauth2/authorizationServerId/v1/authorize, etc), you will set this value yourself when you create the server and it should be the absolute path for the protected resource, e.g. https://api.example.com/pets.

I’m trying to create a custom authorization server, but still have no idea what to put in Audience.
“absolute path for the protected resource” - what exactly is this? How can I find the value I’m meant to use?

There’s no right or wrong answer here. You are the one that will define the audience within Okta and then configure your resource server/API to expect this audience when it validates tokens. Naming the audience after the resource being protected is more or less a recommendation.

1 Like
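
An added example, not part of the original thread and not Okta's own code: how a resource server might check the `aud` claim discussed above, which RFC 7519 allows to be a single string or an array of strings. The names `check_audience`, `is_for_me` and `AudienceError` and all sample claim values are constructed for illustration; the claims are assumed to come from a token whose signature, issuer and expiry were already verified.

```python
"""Audience ("aud") check for a resource server, following RFC 7519 section 4.1.3."""


class AudienceError(Exception):
    """Raised when a token was not issued for this resource server."""


def check_audience(claims: dict, expected: str) -> None:
    """Raise AudienceError unless `expected` is one of the token's audiences.

    Assumption: `claims` is the payload of an already-verified token.
    """
    aud = claims.get("aud")
    if aud is None:
        raise AudienceError("token has no aud claim")
    # RFC 7519: aud is either one string or an array of strings.
    audiences = [aud] if isinstance(aud, str) else aud
    if not isinstance(audiences, list) or not all(isinstance(a, str) for a in audiences):
        raise AudienceError("aud must be a string or a list of strings")
    # Exact, case-sensitive comparison: no prefix or substring matching.
    if expected not in audiences:
        raise AudienceError(f"audience {audiences!r} does not include {expected!r}")


def is_for_me(claims: dict, expected: str) -> bool:
    """Boolean wrapper around check_audience for use in request filters."""
    try:
        check_audience(claims, expected)
        return True
    except AudienceError:
        return False


# Audience configured on the Custom Authorization Server (value from the thread).
EXPECTED = "https://api.example.com/pets"

# Constructed sample payloads, not real tokens.
SAMPLES = {
    "custom server token": {"aud": "https://api.example.com/pets"},
    "multi-audience token": {"aud": ["https://api.example.com/pets", "api://other"]},
    "org server token (aud is a client_id)": {"aud": "0oaCONSTRUCTEDclientid"},
    "look-alike audience": {"aud": "https://api.example.com/pets-admin"},
    "missing aud": {"sub": "user@example.com"},
}

if __name__ == "__main__":
    for name, claims in SAMPLES.items():
        print(f"{name}: {'accept' if is_for_me(claims, EXPECTED) else 'reject'}")
```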
