Incorrect JWT 'aud' value in refresh token for keycloak 4.8.3 / redhat sso 7.3

ping · January 6, 2020, 11:20am

i am testing with redhat sso 7.3, i follow this post to set the ‘aud’ to the client ID. however, this only change the ‘aud’ value in the access token, the ‘aud’ value in the refresh token is set to URI of the realm (e.g. “aud”:“https://rh-sso-test.mycompany.com/auth/realms/testing”) instead of the client ID.

is there any way to fix it?

thx.

stianst · January 6, 2020, 3:01pm

You shouldn’t care about the aud value in the refresh token - and it should indeed be set to the realm as the audience of a refresh token is the Keycloak realm, not any of your applications.

ping · January 7, 2020, 1:53am

ic… stianst thank you

Topic		Replies	Views
Refresh exchanged token Securing applications	0	405	December 13, 2021
Aud field in access token in Keycloak 19	2	6070	September 13, 2022
AUD multiple value in keycloak access token	2	71	January 6, 2025
How to set aud claim in access token oidc	0	808	January 9, 2023
How to change refresh_token_expires_in value in keycloak Getting advice	2	240	August 8, 2024

Incorrect JWT 'aud' value in refresh token for keycloak 4.8.3 / redhat sso 7.3

Related topics