Incorrect JWT 'aud' value in refresh token for keycloak 4.8.3 / redhat sso 7.3

i am testing with redhat sso 7.3, i follow this post to set the ‘aud’ to the client ID. however, this only change the ‘aud’ value in the access token, the ‘aud’ value in the refresh token is set to URI of the realm (e.g. “aud”:“”) instead of the client ID.

is there any way to fix it?


You shouldn’t care about the aud value in the refresh token - and it should indeed be set to the realm as the audience of a refresh token is the Keycloak realm, not any of your applications.

1 Like

ic… stianst thank you