valid audience token code example

Example 1: valid audience token

When validating an ID token, 
you should verify that the aud (Audience) 
claim equals the Client ID of the current application.

Add this to the validation parameters:
ValidateAudience = true,
ValidAudience = "xyz123", // This Application's Client ID

Example 2: valid audience token

If you are validating access tokens, 
you should verify that the aud (audience) claim equals the
audience that is configured for your Authorization Server
in the Okta Developer Console.
For example, if your Authorization Server audience is set to
MyAwesomeApi, add this to the validation parameters:

ValidateAudience = true,
ValidAudience = "MyAwesomeApi",

Example 3: valid audience token

The audience of a token is the intended recipient of the token.
The audience value is a string -- typically, 
the base address of the resource being accessed, 
such as https://contoso.com

Tags:

Python Example

Recent Posts