Configuring the "audience" in hosted login page

I am using auth0 “/authorize” endpoint with “audience” to get an access token in JWT format. But, I don’t want to pass the “audience” as query param, because the service that I use, do not allow query params.

What I am trying to do is that giving default audience for my client in hosted login page.

var auth = {
  redirectUrl: config.callbackURL,
  responseType: (config.internalOptions || {}).response_type ||
  config.callbackOnLocationHash ? 'token' : 'code',
  params: config.internalOptions
}

if(config.clientID === "CLIENT_ID") {
  auth.audience = "https://test.com/test";
  auth.params.audience = "https://test.com/test";
}

When I do this, the login page is not loading, I am seeing only an empty page. What could be the problem in here? If this approach does not make sense, what could be an alternative solution?

Thanks for your help!

The recommended approach would indeed be to pass the audience in the initial request to /authorize, however, if that is not available because of a restriction of the client then your option would be to configure a tenant/domain wide default audience (you should not try do it in the hosted login page).

You can configure a default audience by accessing the tenant settings and setting the Default Audience field. Have in mind that this change will affect every request that don’t specify an audience; since using an audience also triggers breaking changes in legacy flows you need to take that under consideration.

Another option would be to have a middle-man that does this for you; as in the client application that does not support query parameters calls this middle-man that just redirects with the correct audience. However, this introduces complexity and it would be up to you to not mess up anything (security related) in that middle-man.

1 Like