JWTClaimsError('Invalid audience')

[casoetan]

Describe the bug

Using Auth0 and the example application. I notice the accessToken generated cannot be used for to make external API calls to a different backend service verifying tokens with Auth0. The decoded jwt token's aud doesn't match the expected aud. The error returned is JWTClaimsError('Invalid audience').

I haven't dug deep into why, but maybe when setting the strategy, you should allow setting the audience. See

authenticator.use(
  new Auth0Strategy(
    {
      callbackURL: process.env.AUTH0_CALLBACK_URL,
      clientID: process.env.AUTH0_CLIENT_ID,
      clientSecret: process.env.AUTH0_CLIENT_SECRET,
      domain: process.env.AUTH0_DOMAIN,
      scope: process.env.AUTH0_SCOPES,

      audience: process.env.AUTH0_AUDIENCE,  // this may be the fix. :)
    },
...

Your Example Website or App

NA

Steps to Reproduce the Bug or Issue

• Use the default auth0 example
• create a backend service (I used python) following the instructions here: https://auth0.com/docs/quickstart/backend/python/01-authorization
• try to query the backend with the token generated via remix-auth
• Fails to validate token due to different audience

Expected behavior

Token should be valid

Screenshots or Videos

No response

Platform

• OS: macOS
• Browser: Chrome

Additional context

No response