- Type: Task
- Resolution: Duplicate
- Priority: Major - P3
- None
- Affects Version/s: None
- Component/s: None
- None
- Server Security
- v7.3, v7.0
An OIDC-conformant JWT may contain multiple aud claims. Tokens of this form are rare, because the semantics of their claims can be unclear. Because the audience is used to identify authentication principals, we should reject tokens with multiple audiences.
- is duplicated by: SERVER-86607 Reject access tokens with multiple audience claims (Closed)
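A sketch of the check this ticket asks for, as an added example that is not the server's own code: it accepts `aud` as a string or a one-element array, rejects arrays with more than one audience, and goes one step further by also rejecting a payload that repeats the `aud` member. The function names, the `api://example-db` audience and the sample tokens are constructed for illustration, and signature verification is assumed to have happened before this step.

```python
import base64
import json


class AudienceError(ValueError):
    """Raised when a token's aud claim is missing, ambiguous or unexpected."""


def _pairs_no_dup_aud(pairs):
    # json.loads silently keeps the last duplicate key; refuse a repeated
    # "aud" member (in any object of the payload) instead of picking one.
    keys = [k for k, _ in pairs]
    if keys.count("aud") > 1:
        raise AudienceError("duplicate aud member in payload")
    return dict(pairs)


def decode_payload(token):
    """Return the claims object of a compact JWT (signature NOT checked here)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise AudienceError("not a three-part compact JWT")
    seg = parts[1]
    raw = base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))
    claims = json.loads(raw, object_pairs_hook=_pairs_no_dup_aud)
    if not isinstance(claims, dict):
        raise AudienceError("payload is not a JSON object")
    return claims


def single_audience(claims, expected):
    """Return the token's one audience, or raise if absent, multiple or wrong."""
    aud = claims.get("aud")
    if isinstance(aud, list):  # RFC 7519 allows an array of strings
        if len(aud) != 1:
            raise AudienceError(f"expected exactly one audience, got {len(aud)}")
        aud = aud[0]
    if not isinstance(aud, str) or not aud:
        raise AudienceError("aud must be a non-empty string")
    if aud != expected:
        raise AudienceError("audience does not match this server")
    return aud


def make_token(payload_json):
    """Build a constructed sample token; the signature part is a placeholder."""
    b64 = lambda b: base64.urlsafe_b64encode(b).rstrip(b"=").decode()
    return ".".join([b64(b'{"alg":"RS256"}'), b64(payload_json.encode()), "sig"])
```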