How to not restrict client-id in OpenId authentication in Tyk?

maantarng · September 29, 2022, 2:01am

Hi,

I am using the OpenId connect authentication mode in Tyk for my API.

When we use this authentication mode, we have to specify the issuer, client-id, and policy. In my case, one of my API wants to use this OpenId connect, and it is designed to allow every client-id to use this API.

How to achieve this in Tyk? Let’s say I have 5 client id in this issuer, I have to specify it in Tyk. But what if I have 10 or 20 or even more client-id?

Is there any way to just whitelist the issuer only in OpenId connect? Like we don’t have to specify the client id, and just allow the issuer only?

Regards,

Maan Tarng

Josh · September 29, 2022, 8:11am

Hi

Instead of using the OIDC Auth type it’s actually much better to us the JWT Auth in Tyk for OpenID Connect use cases.

You can then validate against an issuer with the public key with either the JWKS uri or a hardcoded key to match.

Thanks
Josh

maantarng · September 29, 2022, 8:31am

Thanks for your help and information.