issuers:
- foo
- bar
audience:
- zap
scopes:
- baz
allowed_algorithms:
- ES512
validity_leeway: 5s
Here we say that the token must have been issued by either the issuer foo or the issuer bar; the aud claim must contain zap; the scope claim (either scp or scope) must be present and contain the scope baz; if the token or the introspection response is signed, it must have been signed using the ES512 algorithm (ECDSA using P-521 and SHA-512); and if the information about token validity is present, we respect a deviation of 5 seconds.
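
The checks described above, applied to an already decoded token, as an added example (not the project's own code). The function name `check_assertions`, the use of `exp`/`nbf` as the validity claims, and the rule that every configured audience and scope must be present are assumptions made for illustration.

```python
import time

# The assertions from the configuration above as a dict (constructed here).
ASSERTIONS = {
    "issuers": ["foo", "bar"],
    "audience": ["zap"],
    "scopes": ["baz"],
    "allowed_algorithms": ["ES512"],
    "validity_leeway": 5,  # seconds
}

def _as_set(value, split=False):
    """Normalize a claim that may be absent, a single string or a list."""
    if value is None:
        return set()
    if isinstance(value, str):
        # Scope strings are space-separated; an aud string is one value.
        return set(value.split()) if split else {value}
    return set(value)

def check_assertions(header, claims, cfg=ASSERTIONS, now=None):
    """Return a list of violations; an empty list means all assertions hold."""
    now = time.time() if now is None else now
    leeway = cfg["validity_leeway"]
    errors = []
    # The algorithm is checked only for signed input (header is not None).
    if header is not None and header.get("alg") not in cfg["allowed_algorithms"]:
        errors.append("algorithm not allowed")
    if claims.get("iss") not in cfg["issuers"]:
        errors.append("issuer not trusted")
    # Assumption: all configured audiences and scopes are required.
    if not set(cfg["audience"]) <= _as_set(claims.get("aud")):
        errors.append("audience mismatch")
    scope_claim = claims.get("scp", claims.get("scope"))
    if not set(cfg["scopes"]) <= _as_set(scope_claim, split=True):
        errors.append("required scope missing")
    # Validity is checked only when present, widened by the leeway.
    if "exp" in claims and now > claims["exp"] + leeway:
        errors.append("token expired")
    if "nbf" in claims and now < claims["nbf"] - leeway:
        errors.append("token not yet valid")
    return errors
```

A token that expired three seconds ago is still accepted under this configuration, while one that expired six seconds ago is rejected.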