Worked Example - API with OpenIDC Using Auth0 *Access Token*

The worked example setting up OpenIDC Using Auth0 looks really good and we already use Auth0 for our identity management. We generate access tokens with an aud claim that we use the secure all of our API access, but it looks like the Tyk OpenIDC plugin only supports ID tokens.

I think the problem is that with an ID token the iss claim is set to the client_id that the user authenticated with, whereas the access token has the azp claim set to the client_id. I think I stumbled across something that suggested you can change the claim the plugin looks for the client_id in? A legacy page that I stumbled across in Google hinted at something like this, but maybe it’s for the JWT plugin (which I’m also have issues with) Tyk API Gateway Documentation

I tried to set the “jwt_client_base_field” (if it even exists), but after saving the API json the field is removed.

Are there any docs on what all the configurations options do? Since you can’t use the UI to configure everything, it feels like shooting in the dark guessing what I think some of the config options might do.



A colleague did a worked example here:

Let me know if this helps otherwise i can help you dive further - i agree the docs do need constant improvement


Thanks for the reply, but the question was does it work with an access token. The video uses an ID token.