- Type: Task
- Resolution: Unresolved
- Priority: Minor - P4
- Affects Version/s: None
- Labels:
Original Downstream Change Summary
As part of PM-3662, the server will start rejecting OIDC access tokens that contain audience claims where the value is an empty array, or an array of multiple strings. This behavior will be backported to 7.0 & 7.3.
Description of Linked Ticket
If a client presents an access token where the "aud" claim is an array containing more than one string, then the server should reject it.
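A pre-upgrade check for the rule described above, added here as an example and not taken from the server's code: it decodes an access token's payload without verifying the signature and classifies the shape of its `aud` claim. The function names, the sample tokens, and the labels for missing or non-string `aud` values are assumptions; the ticket only states that empty arrays and arrays of multiple strings are rejected.

```python
import base64
import json


def jwt_payload(token):
    """Decode a compact JWT's payload. Inspection only: no signature check."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated segments")
    segment = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    payload = json.loads(base64.urlsafe_b64decode(segment))
    if not isinstance(payload, dict):
        raise ValueError("payload is not a JSON object")
    return payload


def aud_verdict(payload):
    """Classify the shape of the 'aud' claim."""
    if "aud" not in payload:
        return "missing"                      # not covered by the ticket
    aud = payload["aud"]
    if isinstance(aud, str):
        return "single string"
    if isinstance(aud, list):
        if not aud:
            return "reject: empty array"      # rule stated in the ticket
        if len(aud) > 1:
            return "reject: multiple values"  # rule stated in the ticket
        if isinstance(aud[0], str):
            return "single-element array"
    return "malformed"                        # not covered by the ticket


def make_sample_token(claims):
    """Build a constructed token with a placeholder signature for the demo."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "c2ln"])


if __name__ == "__main__":
    # Constructed audience values; "https://idp.example" is a placeholder issuer.
    for aud in ("api-a", ["api-a"], [], ["api-a", "api-b"]):
        token = make_sample_token({"iss": "https://idp.example", "aud": aud})
        print(repr(aud), "->", aud_verdict(jwt_payload(token)))
```

Running it against tokens issued by your identity provider shows which client configurations need a single-audience token before the change reaches your version.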
- documents
  - SERVER-86607 Reject access tokens with multiple audience claims (Closed)
- is duplicated by
  - DOCS-16657 [BACKPORT] [v7.3] Reject access tokens with multiple audience claims (Closed)