# ory-network
Hey there! I posted on the [GitHub Discussions page](https://github.com/ory/hydra/discussions/3562#discussioncomment-6387808) regarding an issue I'm having integrating Ory Network with a server lifecycle management tool we are using called Foreman, but I figured I'd post here as well, as this Slack group seems a bit more active. The TL;DR is I'm having trouble getting an audience back from the token after integrating Ory.
I believe the issue is I'm getting an access token back as opposed to an ID token, but I am unsure of why this is happening. Any help would be greatly appreciated!
What does the response look like when you exchange the code for the tokens?
You also need to make sure the initial authorization request (to `/oauth2/auth`) contains a `scope=openid` search param.
I managed to figure this out. For anyone who needs to set up OIDC with an Apache server config, this was how I set up my configuration file to make it work:
```
# # OIDC
OIDCClientID <redacted>
OIDCProviderMetadataURL <redacted>
OIDCCryptoPassphrase <redacted>
OIDCClientSecret <redacted>
OIDCRedirectURI <redacted>
OIDCRemoteUserClaim email
OIDCProviderAuthorizationEndpoint <redacted>/oauth2/auth?audience=<redacted(url of audience)>/&scope=openid%20email
OIDCProviderTokenEndpoint <redacted>/oauth2/token?scope=email
OIDCScope "openid email"
OIDCResponseType "id_token"

<Location /users/extlogin>
    AuthType openid-connect
    Require valid-user
    LogLevel debug

    RequestHeader set REMOTE_USER %{OIDC_CLAIM_email}e
    RequestHeader set REMOTE_USER_EMAIL %{OIDC_CLAIM_email}e
</Location>
```