Caution
Important note about opaque access tokens and audience.
There is some important breaking changes in version 2.0 of ForwardAuth. It is now mandatory to set an audience when requesting authorization. This change is required due to how Auth0 handles two different kinds of token formats, opaque tokens and jwt tokens, for access tokens. The only token that is possible to validate and verify is the jwt token. Therefor its from now on required to set the audience in the application config and the application will not work otherwise.
In effect it means that you now must create an API in Auth0 and set that API as audience in your application.yaml.
See Why is my access token not a jwt? for more info.
../../example/application.yaml
../../example/application.yaml
See the example configuration <configuration> for a complete example of an application.yaml file that the FordwardAuth application need to run.