Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

<@U04UQ68083H> How do I inject the `aud` claim into the JWT generated from a session

To inject the `aud` claim into the JWT generated from a session, you can use the `id_token` mutator in Ory Oathkeeper. This mutator allows you to specify custom claims, like the audience of ID tokens, via the `claims` field of the mutator's `config` field.   Here is an example of how you can set the `aud` claim in the configuration:  ```json {   "handler": "id_token",   "config": {     "claims": "{\"aud\": [\"<https://my-backend-service/some/endpoint\>"],\"def\": \"{{ print .Extra.some.arbitrary.data }}\"}"   } } ```  In this example, the `aud` claim is set to the URL of the backend service. The `def` claim is set to an arbitrary data from the `Extra` map. The values are parsed by the Go `text/template` package for value substitution, receiving the `AuthenticationSession` struct.  Please note that certain keys (such as the `sub`) claim can't be overwritten.  For more details, please check the [Ory documentation](<https://www.ory.sh/docs/oathkeeper/pipeline/mutator#id_token-claims>).