Created by chossenger on 3/27/2025 in #💻┃support
Token request containing audience with trailing slash provisioned but missing scopes
We've had a couple instances of our API's consumers requesting tokens, but when setting the audience in their token request, adding a trailing slash to the audience domain. In the API definition in Kinde, the audience does not have this trailing slash. The result is that a token is granted (with the provided audience), but it has no scopes included in the token.

My expectation is that the request would either provide a token with the usual scopes (as if the audience had been provided with the exact correct domain/audience), OR the request would be rejected as if the caller had provided an incorrect audience.

N.b. this appears to be the case for any amount of trailing path after the slash as well. Is this intended behaviour?
10 replies
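A check that an API or its consumers could run on an access token to catch the case described in the post: compare the audience by exact string match and confirm the expected scopes are present. This is an added example, not code from the thread or from Kinde; the audience URL, the scope name, and the claim names `scp` and `scope` are assumptions, and signature verification is assumed to happen separately.

```python
import base64
import json

EXPECTED_AUD = "https://api.example.com"   # assumed: audience as registered, no trailing slash
REQUIRED_SCOPES = {"read:orders"}          # assumed scope name


def decode_claims(jwt):
    """Decode the JWT payload for inspection. Does NOT verify the signature."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)   # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_token(claims, expected_aud=EXPECTED_AUD, required=REQUIRED_SCOPES):
    """Return a list of problems; an empty list means the token is usable."""
    aud = claims.get("aud", [])
    auds = [aud] if isinstance(aud, str) else list(aud)   # RFC 7519: string or array
    raw = claims.get("scp", claims.get("scope", []))      # assumed claim names
    scopes = set(raw.split()) if isinstance(raw, str) else set(raw)
    problems = []
    if expected_aud not in auds:                          # exact match, no normalising
        near = [a for a in auds if a.startswith(expected_aud + "/")]
        if near:
            problems.append(f"audience {near[0]!r} has a trailing path, expected {expected_aud!r}")
        else:
            problems.append(f"audience {auds!r} does not include {expected_aud!r}")
    missing = set(required) - scopes
    if missing:
        problems.append("missing scopes: " + ", ".join(sorted(missing)))
    return problems


def make_sample_token(claims):
    """Build an unsigned, constructed token for the demo below."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}."


if __name__ == "__main__":
    good = make_sample_token({"aud": [EXPECTED_AUD], "scp": ["read:orders"]})
    slash = make_sample_token({"aud": [EXPECTED_AUD + "/"], "scp": []})
    for name, tok in (("exact audience", good), ("trailing slash", slash)):
        print(name, "->", check_token(decode_claims(tok)) or "ok")
```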