You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Using Auth0 and the example application. I notice the accessToken generated cannot be used for to make external API calls to a different backend service verifying tokens with Auth0. The decoded jwt token's aud doesn't match the expected aud. The error returned is JWTClaimsError('Invalid audience').
I haven't dug deep into why, but maybe when setting the strategy, you should allow setting the audience. See
authenticator.use(newAuth0Strategy({callbackURL: process.env.AUTH0_CALLBACK_URL,clientID: process.env.AUTH0_CLIENT_ID,clientSecret: process.env.AUTH0_CLIENT_SECRET,domain: process.env.AUTH0_DOMAIN,scope: process.env.AUTH0_SCOPES,audience: process.env.AUTH0_AUDIENCE,// this may be the fix. :)},
...
Describe the bug
Using Auth0 and the example application. I notice the accessToken generated cannot be used for to make external API calls to a different backend service verifying tokens with Auth0. The decoded jwt token's
aud
doesn't match the expectedaud
. The error returned is JWTClaimsError('Invalid audience').I haven't dug deep into why, but maybe when setting the strategy, you should allow setting the audience. See
Your Example Website or App
NA
Steps to Reproduce the Bug or Issue
Expected behavior
Token should be valid
Screenshots or Videos
No response
Platform
Additional context
No response
The text was updated successfully, but these errors were encountered: