When setting up OpenID Connect, I notice that the documentation keeps referring to “ID Token”:
Snippet: “Gateway validates OIDC ID Token signature”
The token is used to send an “Authorization: Bearer some_token_val” header when calling the Tyk gateway.
Why is the token not an Access token?
I think that is the usual way to use an OIDC token for API access.
OpenID Connect apparently is always id_token, that would explain it…
If your IdP returns an access_token in JWT format, just set the client_id in Tyk to the value of the “aud” claim from the access_token, not the id_token, and it’ll do the job.
You’re right about client_id and aud, and I already did just that.
Trouble is that PingIdentity does not populate the kid key into the default JWKS endpoint. PingIdentity only does that for ID tokens. And I’m limited to access tokens here.
I am looking into a customized goplugin to solve this.
Do you have any experience in using PingIdentity access tokens with Tyk?
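A diagnostic for the two points raised in this thread (which “aud” value the access token carries, and whether its “kid” can be matched to a key in the JWKS), added here as an example and not code from the thread, Tyk or PingIdentity. The names `Inspect` and `seg` and the sample token and JWKS are constructed for illustration; the function only decodes the token and does not verify its signature.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// seg base64url-encodes JSON; used only to build the constructed sample token.
func seg(js string) string { return base64.RawURLEncoding.EncodeToString([]byte(js)) }

// Inspect decodes a JWT WITHOUT verifying it and reports the header "kid",
// the "aud" claim as a list, and whether a key in the JWKS has the same kid.
func Inspect(token, jwks string) (kid string, aud []string, inJWKS bool, err error) {
	var hdr struct{ Kid string `json:"kid"` }
	var claims struct{ Aud json.RawMessage `json:"aud"` }
	var set struct{ Keys []struct{ Kid string `json:"kid"` } `json:"keys"` }
	p := strings.Split(token, ".")
	if len(p) != 3 {
		return "", nil, false, errors.New("not a compact JWS")
	}
	for i, v := range []interface{}{&hdr, &claims} {
		raw, derr := base64.RawURLEncoding.DecodeString(p[i])
		if derr != nil || json.Unmarshal(raw, v) != nil {
			return "", nil, false, errors.New("segment is not base64url JSON")
		}
	}
	if err = json.Unmarshal([]byte(jwks), &set); err != nil {
		return "", nil, false, err
	}
	var one string
	if json.Unmarshal(claims.Aud, &one) == nil { // "aud" may be a single string
		aud = []string{one}
	} else if len(claims.Aud) > 0 { // or an array of strings
		err = json.Unmarshal(claims.Aud, &aud)
	}
	for _, k := range set.Keys {
		inJWKS = inJWKS || (hdr.Kid != "" && k.Kid == hdr.Kid)
	}
	return hdr.Kid, aud, inJWKS, err
}

func main() {
	// Constructed sample: token header without "kid", JWKS with one key "k1".
	tok := seg(`{"alg":"RS256"}`) + "." + seg(`{"aud":"my-api"}`) + ".sig"
	fmt.Println(Inspect(tok, `{"keys":[{"kid":"k1","kty":"RSA"}]}`))
}
```

An empty kid, or a kid with no match in the JWKS, means a validator that selects the signing key by kid has nothing to select; the reported aud is the value to compare with the client_id setting discussed above.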