I am trying to embed Tableau dashboards into my web application. Tableau has this method called connected apps approach which trusts the Okta signed access token which is included in the requests coming from my web application.
After the issuer is registered in Tableau, a site ID is generated. We need to set that in the access token in the aud claim. The format of the aud value is given by the Tableau documentation as “tableau:<site_luid>”. For example, “tableau: abcdefer-ghij-123c-a234-kjce345klns”
However, Okta does not let me set this value in the aud claim. Could you please provide guidance on setting this audience?
Hi,
To change the aud value in the token, you would need a Custom Authorisation Server. Create an authorization server | Okta Developer. You would need the API/AM SKU to create the Authorization Server.
Thank you for the reply. I already have a custom authorization server and will definitely check the inline hook.
Additionally, I would like to know,
- Can the default aud value be overridden by a custom claim named aud?
- Is this format supported in the aud claim: “tableau: abcdefer-ghij-123c-a234-kjce345klns”? This is the format Tableau expects.
This was copied from the doc: Create an authorization server | Okta Developer
*Note: When a custom authorization server creates an access token, you must define the Audience property. This property must match the aud claim that’s returned during access token validation. The Audience property should be set to the URI for the OAuth 2.0 resource server that consumes the access token. Use an absolute path such as https://api.example.com/pets. This value is used as the default audience for access tokens.*
- Can the default aud value be overridden by a custom claim named aud - This is not possible, since aud is a reserved keyword, so you can’t add another custom claim named aud.
- Is this format supported in the aud claim “tableau: abcdefer-ghij-123c-a234-kjce345klns”? This is the format Tableau expects. - This is possible; I was able to create an Access Token with the expected string format.
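
To confirm what the custom authorization server actually placed in aud, here is an added example (not code from this thread, Okta or Tableau) that decodes an access token's payload and compares aud with the expected string. Audience matching is an exact string comparison, so a value that differs only by a space after the colon is reported separately. The function names, the sample tokens and the use of the thread's example LUID are assumptions, and the signature is not verified here, so this is for inspecting a token you issued yourself.

```python
import base64
import json

# Expected value in the "tableau:<site_luid>" format; LUID is the thread's example.
EXPECTED_AUD = "tableau:abcdefer-ghij-123c-a234-kjce345klns"


def b64url_decode(segment: str) -> bytes:
    """Decode a base64url JWT segment, restoring stripped padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def read_claims(token: str) -> dict:
    """Return the payload claims of a compact JWS without verifying it."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    return json.loads(b64url_decode(parts[1]))


def audiences(claims: dict) -> list:
    """aud may be a single string or an array of strings (RFC 7519)."""
    aud = claims.get("aud")
    if aud is None:
        return []
    return [aud] if isinstance(aud, str) else list(aud)


def check_aud(token: str, expected: str = EXPECTED_AUD) -> str:
    """Return 'match', 'near-miss' (whitespace/case only) or 'mismatch'."""
    auds = audiences(read_claims(token))
    if expected in auds:
        return "match"
    squash = lambda s: "".join(s.split()).lower()
    if any(squash(a) == squash(expected) for a in auds):
        return "near-miss"
    return "mismatch"


def make_sample_token(claims: dict) -> str:
    """Build a constructed, unsigned token for offline testing only."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "kid": "constructed"}), enc(claims), "c2ln"])


if __name__ == "__main__":
    spaced = make_sample_token({"aud": "tableau: abcdefer-ghij-123c-a234-kjce345klns"})
    print(check_aud(spaced))
```
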
