oauth2.dev

aud

IESG

Registry Context

`aud` is an optional token introspection response member identifying the intended audience for the token. Its value can be a service-specific string identifier or a list of string identifiers.

Technical Summary

RFC 7662 defines `aud` as an OPTIONAL top-level introspection response member using the audience value definition from RFC 7519. RFC 7519 generally represents the value as an array of case-sensitive StringOrURI values, but permits a single StringOrURI string when there is one audience.

When Used

Used when the authorization server returns information about the intended audience of an introspected token.

Normative Requirements

Authorization servers

MAY
1
  1. RFC 7519 - Section 4.1.3

    represent `aud` as a single case-sensitive string containing a StringOrURI value.

    Condition: when the token has one audience

    the "aud" value MAY be a single case-sensitive string containing a StringOrURI value

OPTIONAL
1
  1. RFC 7662 - Section 2.2

    include the `aud` top-level member in the introspection response.

    Condition: when producing a token introspection response

    aud OPTIONAL.

Validation Guidance

info

Allow `aud` to be omitted from an introspection response.

error

When present, accept `aud` as either an array of case-sensitive StringOrURI values or, for one audience, a single case-sensitive StringOrURI value.

info

Treat interpretation and comparison of audience values as application specific.

Reference

Details

Entry Id
aud
Name
aud
Description
Audience of the token
Change Controller
IESG
Reference
RFC7662 - Section 2.2