Replies: 1 comment 2 replies
-
|
I do not intend to expose functionality for resource servers. |
Beta Was this translation helpful? Give feedback.
2 replies
-
|
Hmm. Bummer. I also plan to use the Strategy. Very tempting to use same Issuer and key caches for both. |
Beta Was this translation helpful? Give feedback.
-
|
I made a related #394. I wonder if the new package with Strategy will be better place for this. |
Beta Was this translation helpful? Give feedback.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
I have a REST API server where I'd like to accept bearer access tokens in the Authorization header. The client receives the access token from Azure AD.
The access token from Azure is much the same as an id_token received from Azure. Looking at openid-client, the Client.validateJWT seems to be doing almost everything required apart the scp claim unique to the access token. As scp is a proprietary claim, the application can validate that.
But the validateJWT is marked private. The feature I'd like to discus is as simple as if it is possible to mark validateJWT public and include in the typescript.
Beta Was this translation helpful? Give feedback.
All reactions