From 2a2c70eaa6ec4a8f0ece0f696e4ab5c2c2825c4c Mon Sep 17 00:00:00 2001 From: Milinda Dias Date: Wed, 30 Jul 2025 03:18:27 +0530 Subject: [PATCH] feat: aud documentation --- docs/router/authentication-and-authorization.mdx | 3 +++ docs/router/configuration.mdx | 8 ++++++++ 2 files changed, 11 insertions(+) diff --git a/docs/router/authentication-and-authorization.mdx b/docs/router/authentication-and-authorization.mdx index e69768a9..495c11c3 100644 --- a/docs/router/authentication-and-authorization.mdx +++ b/docs/router/authentication-and-authorization.mdx @@ -30,6 +30,9 @@ In the current router version, the configuration and behavior of authentication refresh_interval: 2m # optional list of allowed algorithms per JWKS algorithms: ["RS256", "EdDSA", "HS512"] + audiences: + - http://aud1 + - http://aud2 - symmetric_algorithm: HS256 secret: header_key_id: some-key-id diff --git a/docs/router/configuration.mdx b/docs/router/configuration.mdx index 89437326..86692ec0 100644 --- a/docs/router/configuration.mdx +++ b/docs/router/configuration.mdx @@ -1427,6 +1427,14 @@ This is useful when you have a symmetric key that you cannot expose through a JW | symmetric_algorithm | | Specify which symmetric algorithm is used for signing, supported algorithms are "HS256", "HS384", "HS512" | | +#### Audience Validation +In addition to the above JWKS configuration flavours, you can define a list of audiences of which one is required (if specified) with either options. + +| YAML | Required | Description | Default Value | +| --------------------------------------------------------------------------- | ---------------------------------------------- | ------------------------------------------------------------------------------------------------------------------ | -----------------| +| audiences | | The allowed list of audiences, of which at least one audience is required in the token | [] | + + ### JWT | YAML | Required | Description | Default Value |
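Review bot: In the docs/router/authentication-and-authorization.mdx hunk, the new `audiences:` key is the only key in this JWKS entry without an explanatory comment, while `algorithms` just above it has "# optional list of allowed algorithms per JWKS". Add a matching comment above `audiences:` saying it is optional and that the token's `aud` claim must contain at least one of the listed values. The following `symmetric_algorithm` entry carries no `audiences` in the example, so a reader cannot tell from this snippet that the setting applies to that flavour as well; a short note or a second `audiences` list there would make the per-entry scope visible.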
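Review bot: In the docs/router/configuration.mdx hunk, the "Audience Validation" text does not say what the default `[]` means for enforcement, and "of which one is required (if specified) with either options" can be read as making the setting itself required. State explicitly whether an empty or omitted `audiences` list skips the `aud` check entirely, and what happens to a token that has no `aud` claim when the list is set, since operators will rely on this to decide whether tokens issued for another service are accepted. Wording and layout: "either options" should be "either option", the intro sentence says "one is required" where the table row says "at least one audience is required" (pick one phrasing), the Required cell is left empty and could say that the key is optional, a blank line is missing between the `#### Audience Validation` heading and the paragraph, and two blank lines are added before `### JWT` where one is enough.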