How can I request multiple audience for ID Token in Authorization Endpoint?

I have a front-end SPA and several backend services with different client_id, let’s say “spa”, “service1”, “service2”. I initiate the authentication flow with my SPA, and I wanna get an ID Token that “aud” equals to [“service1”, “service2”] and “azp” equals to “spa”.

So, how can I do that? I didn’t find where I can specify the audience values in an id_token.

I have tried to add an audience parameter appended to the authorization endpoint but I got the audience in the access_token, not the id_token. I know that there are two types of audience concept of id_token and access_token. My service1 and service2 are both Relying Party Client, not Resource Service, so they should consume id tokens.


I think that’s currently not possible, if you open an issue we can discuss how to implement that :slight_smile:

Thanks, I will write a new issue to hydra’s github project.