From aa4df33b62991648ac3ac135d796b21618dd5a5b Mon Sep 17 00:00:00 2001 From: Livio Spring Date: Wed, 7 Sep 2022 15:27:29 +0200 Subject: [PATCH] docs(oidc): use correct audience (issuer) for JWT Profile (#4336) --- docs/docs/apis/openidoauth/authn-methods.md | 4 ++-- docs/docs/apis/openidoauth/grant-types.md | 16 ++++++++-------- docs/docs/guides/integrate/serviceusers.md | 2 +- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/docs/docs/apis/openidoauth/authn-methods.md b/docs/docs/apis/openidoauth/authn-methods.md index fdcd0ce71e..b432d8984f 100644 --- a/docs/docs/apis/openidoauth/authn-methods.md +++ b/docs/docs/apis/openidoauth/authn-methods.md @@ -45,7 +45,7 @@ JWT | Claim | Example | Description | |:------|:---------------------------|:----------------------------------------------------------------------------------------------------------------| -| aud | `"{your_domain}"` | String or Array of intended audiences MUST include ZITADEL's issuing domain | +| aud | `"https://{your_domain}"` | String or Array of intended audiences MUST include ZITADEL's issuing domain | | exp | `1605183582` | Unix timestamp of the expiry | | iat | `1605179982` | Unix timestamp of the creation singing time of the JWT, MUST NOT be older than 1h | | iss | `"78366401571920522@acme"` | String which represents the requesting party (owner of the key), normally the `clientID` from the json key file | @@ -55,7 +55,7 @@ JWT { "iss": "78366401571920522@acme", "sub": "78366401571920522@acme", - "aud": "{your_domain}", + "aud": "https://{your_domain}", "exp": 1605183582, "iat": 1605179982 } diff --git a/docs/docs/apis/openidoauth/grant-types.md b/docs/docs/apis/openidoauth/grant-types.md index 4e435455ec..e89d328727 100644 --- a/docs/docs/apis/openidoauth/grant-types.md +++ b/docs/docs/apis/openidoauth/grant-types.md @@ -75,19 +75,19 @@ Key JSON JWT -| Claim | Example | Description | -|:------|:------------------------------|:--------------------------------------------------------------------------------------------------------------| -| aud | `"{your_domain}"` | String or Array of intended audiences MUST include ZITADEL's issuing domain | -| exp | `1605183582` | Unix timestamp of the expiry | -| iat | `1605179982` | Unix timestamp of the creation singing time of the JWT, MUST NOT be older than 1h | -| iss | `"77479219772321307"` | String which represents the requesting party (owner of the key), normally the `userId` from the json key file | -| sub | `"77479219772321307"` | The subject ID of the service user, normally the `userId` from the json key file | +| Claim | Example | Description | +|:------|:--------------------------|:--------------------------------------------------------------------------------------------------------------| +| aud | `"https://{your_domain}"` | String or Array of intended audiences MUST include ZITADEL's issuing domain | +| exp | `1605183582` | Unix timestamp of the expiry | +| iat | `1605179982` | Unix timestamp of the creation singing time of the JWT, MUST NOT be older than 1h | +| iss | `"77479219772321307"` | String which represents the requesting party (owner of the key), normally the `userId` from the json key file | +| sub | `"77479219772321307"` | The subject ID of the service user, normally the `userId` from the json key file | ```JSON { "iss": "77479219772321307", "sub": "77479219772321307", - "aud": "{your_domain}", + "aud": "https://{your_domain}", "exp": 1605183582, "iat": 1605179982 } diff --git a/docs/docs/guides/integrate/serviceusers.md b/docs/docs/guides/integrate/serviceusers.md index e778d859bf..853c98629f 100644 --- a/docs/docs/guides/integrate/serviceusers.md +++ b/docs/docs/guides/integrate/serviceusers.md @@ -70,7 +70,7 @@ Payload { "iss": "100507859606888466", "sub": "100507859606888466", - "aud": "{your_domain}.zitadel.cloud", + "aud": "https://{your_domain}.zitadel.cloud", "iat": [Current UTC timestamp, e.g. 1605179982, max. 1 hour ago], "exp": [UTC timestamp, e.g. 1605183582] }