Hello,

I am trying to test Client Credential flow with scope:oidc.

In response I a getting id_token with following.
{
"iat": 1589893679,
"iss": "https://authServer.com",
"at_hash": "LfIZEnYZZxPhZUiZ45gXiQ",
"sub": "<client-id>",
"exp": 1589897279,
"aud": "<client-id>"
}
But if we take a look in to Implement the Client Credentials Grant at auth0 then they have support to pass audience.

Azure AD uses scope value as "aud"

Do we have possibility to pass audience without doing changes in mapping rules?  

------------------------------
Piyush Agrawal
------------------------------

A small update to the post-token mapping rule is what I recommend to address this. It is trivial to do.

------------------------------
Shane Weeden
IBM
------------------------------

Original Message:
Sent: Tue May 19, 2020 11:53 AM
From: Piyush Agrawal
Subject: OAuth With client Credential

Hello,

I am trying to test Client Credential flow with scope:oidc.

In response I a getting id_token with following.
{
"iat": 1589893679,
"iss": "https://authServer.com",
"at_hash": "LfIZEnYZZxPhZUiZ45gXiQ",
"sub": "<client-id>",
"exp": 1589897279,
"aud": "<client-id>"
}
But if we take a look in to Implement the Client Credentials Grant at auth0 then they have support to pass audience.

Azure AD uses scope value as "aud"

Do we have possibility to pass audience without doing changes in mapping rules?  

------------------------------
Piyush Agrawal
------------------------------