v26.2.1
v26.2.1
Accept custom domain issuer as valid audience in JWT Bearer Grant
When using a custom domain (CNAME) as the OAuth2 issuer URL, Hydra now accepts the issuer-derived token URL as a valid audience in JWT Bearer Grant assertions. Previously, only the internal public URL was accepted, causing JWT Bearer Grant requests to fail when clients set the audience to the custom domain token endpoint.