The worked example setting up OpenIDC Using Auth0 looks really good and we already use Auth0 for our identity management. We generate access tokens with an aud claim that we use to secure all of our API access, but it looks like the Tyk OpenIDC plugin only supports ID tokens.
I think the problem is that with an ID token the iss claim is set to the client_id that the user authenticated with, whereas the access token has the azp claim set to the client_id. I think I stumbled across something that suggested you can change the claim the plugin looks for the client_id in? A legacy page that I stumbled across in Google hinted at something like this, but maybe it’s for the JWT plugin (which I’m also having issues with): https://tyk.io/blog/docs/tyk-api-gateway-v-2-0/key-changes-in-tyk-v2-0/
I tried to set the “jwt_client_base_field” (if it even exists), but after saving the API JSON the field is removed.
Are there any docs on what all the configuration options do? Since you can’t use the UI to configure everything, it feels like shooting in the dark guessing what I think some of the config options might do.