SayMyName

Reputation: 501

How to add multiple target_audience in google authentication jwt?

I need to get id token for multiple specific services from the google oauth2 service.

Header:
{"typ":"JWT","alg":"RS256"}

Payload:
{
  "aud": "https://www.googleapis.com/oauth2/v4/token",
  "exp": "1566830430",
  "iat": "1566827130",
  "iss": "my_project.iam.gserviceaccount.com",
  "target_audience": "www.myservice.com/location"
}

It returns an ID token that lets me post data to the location service, but I would also like to post data to my time service (www.myservice.com/time).

How can I set these 2 URLs as the target audience?

Upvotes: 1

Views: 1823

Answers (1)

user2705223

Reputation: 1325

The field does not currently support setting multiple values.

Consider sending a self-signed JWT [1] to https://iamcredentials.googleapis.com/v1/{name=projects/*/serviceAccounts/*}:generateIdToken [2] instead. Even though it doesn't support multiple audiences in one call either, it is still the correct API to use to obtain ID tokens for your service account.

[1] https://developers.google.com/identity/protocols/OAuth2ServiceAccount#jwt-auth

[2] https://cloud.google.com/iam/credentials/reference/rest/v1/projects.serviceAccounts/generateIdToken

Upvotes: 1
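
Since neither endpoint accepts more than one audience per call, a client ends up holding one ID token per service. The sketch below is an added example (not code from the question or the answer) of that bookkeeping: it caches a token per audience and rejects a token whose `aud` is not the one requested. `fetch` is a hypothetical caller-supplied function that performs the real token request, and the fake issuer returns constructed, unsigned sample tokens.

```python
import base64
import json
import time


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def claims_of(jwt: str) -> dict:
    """Decode the payload WITHOUT verifying the signature (client bookkeeping only)."""
    payload = jwt.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))


class PerAudienceTokens:
    """One cached ID token per audience, refreshed shortly before it expires."""

    def __init__(self, fetch, skew=60, clock=time.time):
        # fetch(audience) -> JWT string: hypothetical, supplied by the caller
        self._fetch, self._skew, self._clock = fetch, skew, clock
        self._cache = {}

    def token_for(self, audience: str) -> str:
        cached = self._cache.get(audience)
        if cached and int(claims_of(cached)["exp"]) - self._skew > self._clock():
            return cached
        token = self._fetch(audience)
        got = claims_of(token).get("aud")
        if got != audience:  # never cache or send a token minted for another service
            raise ValueError(f"token aud {got!r} does not match {audience!r}")
        self._cache[audience] = token
        return token


def make_fake_issuer(now: int):
    """Constructed stand-in for the token endpoint; its tokens are unsigned samples."""
    calls = []

    def fetch(audience: str) -> str:
        calls.append(audience)
        header = _b64url(json.dumps({"typ": "JWT", "alg": "RS256"}).encode())
        body = _b64url(json.dumps({"aud": audience, "iat": now, "exp": now + 3300}).encode())
        return f"{header}.{body}.constructed"

    return fetch, calls
```

The receiving services still have to verify the signature and check `aud` themselves; `claims_of` only reads the payload so the client can track expiry.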
