If your idp returns an access_token in a JWT format just set the client_id in tyk to the value of your “aud” claim from the access_token and not the id_token and it’ll do the job.
You’re right about client_id and aud, and I already did just that.
Trouble is that PingIdentity does not populate the kid key into the default jwks endpoint. PingIdentoty only does that for id tokens. And I’m limited to access tokens here.
Am looking into customized goplugin to solve.
Do you have any experience in using PingIdentity access tokens with tyk?