Keycloak

Preparing Client

Create a client

• Go to Clients
• Click Create client
• Give a ClientId this id will be used in authentication later let's say : bookit-client
• in Capability config tab check Standard flow and Direct access grants

• After it's created click client in Clients list and go to Advanced tab
• In the Fine grain OpenID Connect configuration section select RS256 in 'Access token signature algorithm

Audiance in Token

• Go to Client scopes
• Click Create client scope
• Name : aud-scope / or anything you like
• Protocol : OpenID Connect
• Save and Click Mappers tab
• Add Mapper->By configuration
• Mapper type : Audience
• Name : aud-claim
• Included Client Audience : bookit-client
• set 'On' to all tokens at the bottom