keycloak-scim/server_admin/topics/threat/audience-limit.adoc
2021-05-31 08:59:58 +02:00

6 lines
No EOL
357 B
Text

=== Limit Token Audience
In environments where the level of trust among services is low, it is a good practice to limit the audiences on the token. The
motivation behind this is described in the https://datatracker.ietf.org/doc/html/rfc6819#section-5.1.5.5[OAuth2 Threat Model] document and
more details are in the <<_audience, Audience Support section>>.