Igor Litovka
Results
2
comments of
Igor Litovka
When you use an `accessToken` with `azp=clientA` and `aud=API_1, API_2`, API_1 (e.g., Nextcloud) and API_2 should verify the token, but the primary focus should be on the `aud` field rather...
@julien-nc To sum up, if `selfencoded_bearer_validation_audience_check=true`, then only accessToken received in the Nextcloud application can be used in `user_oidc` (which breaks SSO principles); if `selfencoded_bearer_validation_audience_check=false` then many accessTokens could be...